HP Printer security flaw allows hackers to extract passwords

Graham Cluley
@gcluley

Owners of certain HP LaserJet Pro printers are being advised to protect themselves against a security vulnerability “as soon as possible”, after researchers found it was possible to remotely access admin passwords and other information.

The vulnerability, dubbed CVE-2013-4807, was discovered by Michał Sajdak of Securitum.pl who described how hackers could extract plaintext admin passwords via hidden URLs hardcoded into the printers’ hardware.

Sajdak discovered that if you access vulnerable LaserJet printers via a URL like this:

http://IP_ADDRESS/dev/save_restore.xml

Sign up to our newsletter
Security news, advice, and tips.

you are not required to authenticate yourself, and a number of parameters are easily accessible.

For instance, in his example, Sajdak found a hex representation of the admin password:

In this case, 0x746573746f7765 is the hex equivalent to “testowe”.

Furthermore, Sajdak found that WiFi-enabled printers could leak the network’s WPS PIN:

http://IP_ADDRESS:8080/IoMgmt/Adapters/wifi0/WPS/Pin

The good news is that the security vulnerability was disclosed responsibly to Hewlett-Packard, and firmware updates for affected printers are available for users to download.

The bad news is that many printer owners probably aren’t aware that the security issue exists, or simply won’t bother to apply the firmware update.

According to the security advisory published by Hewlett-Packard, a patch for the vulnerability is available the following printers: HP LaserJet Pro P1102w, HP LaserJet Pro P1606dn, HP LaserJet Pro M1212nf MFP, HP LaserJet Pro M1213nf MFP, HP LaserJet Pro M1214nfh MFP, HP LaserJet Pro M1216nfh MFP, HP LaserJet Pro M1217nfw MFP, HP LaserJet Pro M1218nfs MFP, and HP LaserJet Pro CP1025nw.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on “HP Printer security flaw allows hackers to extract passwords”

  1. I dont quite get it. This does not seem like it was done by accident; in fact it is rather obvious that these URLs were there for a reason. How could one think that storing a root password or WPS pin in plain text/hex is acceptable? Why the software developer did this I have no clue.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.