当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139001

漏洞标题:惠普等大量智能打印机漏洞可远程打印

相关厂商:惠普

漏洞作者: 路人甲

提交时间:2015-09-06 10:54

修复时间:2015-10-25 03:08

公开时间:2015-10-25 03:08

漏洞类型:服务弱口令

危害等级:中

自评Rank:9

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-06: 细节已通知厂商并且等待厂商处理中
2015-09-10: 厂商已经确认,细节仅向厂商公开
2015-09-20: 细节向核心白帽子及相关领域专家公开
2015-09-30: 细节向普通白帽子公开
2015-10-10: 细节向实习白帽子公开
2015-10-25: 细节向公众公开

简要描述:

嘿嘿,好想和 <我是谁:之没有绝对安全的系统> 里的黑客一样。打印别人一地的纸。。

详细说明:

通过 HP ePrint,您几乎可以在任何地方打印。ePrint 的工作原理之一就是为打印机分配一个电子邮箱地址。您只需要发送一封包含您文档的电子邮件到打印机地址即可完成打印。您可以打印图像、Microsoft Word、Excel* 和 PowerPoint 文档、PDF 以及照片。您可以通过使用 HP ePrintCenter 上打印机的“作业历史记录”,查看和管理发送到打印机的打印作业。
* 需要打印机具有 Internet 连接。

漏洞证明:

整理了个关键字。Google
inurl:this.LCDispatcher?nav=hp.Print
发几个链接:
https://140.114.40.108/hp/device/ReportsAndTests/Index
https://140.114.40.172/hp/device/Print/Index
http://140.114.36.21/hp/device/this.LCDispatcher?nav=hp.Print
http://140.114.32.49:280/hp/device/this.LCDispatcher?nav=hp.Print
http://140.114.30.30/hp/device/this.LCDispatcher?nav=hp.Print
加图

1.png


2.png


4.png


5.png

修复方案:

你们比我懂!

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-09-10 03:07

厂商回复:

最新状态:

2015-09-22:Hello WooYun team,I am not sure why the status is that the bug is confirmed. We are still doing assessment of your report. We will provide a response after we are complete with the assessment. Please correct the status of this report.Thanks,HP PSRT

2015-10-01:Hello, here is HP's response to the report:________________________________________The HP ePrint feature is not turned on by default. The printer user/owner is required to enable ePrint in to the Web Services tab of the device’s Embedded Web Server. At that time an e-mail is created for the device. The printers e-mail address is 13 alphanumeric characters to increase security. The ePrint configuration provides the following information:“To help prevent unauthorized email, HP assigns a random email address to your printer, never publicizes this address, and by default does not respond to any sender. ePrint also provides industry-standard spam filtering and transforms email and attachments to a print-only format to reduce the threat of a virus or other harmful content.”The printer can be further protected by register it with HP’s free ePrint Service. The user can create a list of up to 500 addresses allowed to print. The ePrint configuration provides the following information:“The HP Connected website to set up increased security for ePrint, specify the email addresses that are allowed to send email to your printer”Users experiencing unauthorized access can change the email address of the affected printer at the ePrint Service website.The ability to print from a print device’s Embedded Web Server interface is standard functionality. Availability of this feature is configurable on the current generation of LaserJet printers. Please be aware printing devices accessible on the public internet may encounter unintended usage.________________________________________