Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for w2g55a by hp

    VAR-201906-0400

    Vulnerability from variot - Updated: 2024-11-23 22:06

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery. HP Color LaserJet Pro M280-M281 and MFP M28-M31 Multifunction Printer The series contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. A cross-site scripting vulnerability 2. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "y5s53a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b82a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b81a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "t6b83a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s50a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b81a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b82a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b83a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s50a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s53a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "color laserjet pro mm multifunction printer series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190419"
          },
          {
            "model": "laserjet pro mfp mm printer series web",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190419"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mario Rivas and Daniel Romero, NCC Group",
        "sources": [
          {
            "db": "BID",
            "id": "108828"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-6325",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-6325",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-23314",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-6325",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6325",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6325",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-23314",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-652",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-6325",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server that is potentially vulnerable to Cross-site Request Forgery. HP Color LaserJet Pro M280-M281 and MFP M28-M31 Multifunction Printer The series contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client. A cross-site scripting vulnerability\n2. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6325",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "108828",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "id": "VAR-201906-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.821000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "c06356322",
            "trust": 0.8,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Cross-site Request Forgery Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/169503"
          },
          {
            "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93861"
          },
          {
            "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6325"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6325"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
          },
          {
            "trust": 0.3,
            "url": "www.hp.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "date": "2019-06-17T16:15:12.670000",
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23314"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6325"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          },
          {
            "date": "2019-07-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          },
          {
            "date": "2024-11-21T04:46:24.837000",
            "db": "NVD",
            "id": "CVE-2019-6325"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005534"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-652"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0396

    Vulnerability from variot - Updated: 2024-11-23 22:06

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0396",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "y5s53a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b82a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b81a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "t6b83a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s50a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b81a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b82a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b83a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s50a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s53a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "color laserjet pro mm multifunction printer series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190419"
          },
          {
            "model": "laserjet pro mfp mm printer series web",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190419"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mario Rivas and Daniel Romero, NCC Group",
        "sources": [
          {
            "db": "BID",
            "id": "108828"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-6323",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-6323",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-23309",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-6323",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6323",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6323",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-23309",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-649",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-6323",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6323",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "108828",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "id": "VAR-201906-0396",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.786000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "c06356322",
            "trust": 0.8,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Cross-Site Scripting Vulnerability (CNVD-2019-23309)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/169511"
          },
          {
            "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93858"
          },
          {
            "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6323"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6323"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
          },
          {
            "trust": 0.3,
            "url": "www.hp.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "date": "2019-06-17T16:15:12.577000",
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23309"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6323"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          },
          {
            "date": "2019-07-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          },
          {
            "date": "2024-11-21T04:46:24.593000",
            "db": "NVD",
            "id": "CVE-2019-6323"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005532"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-649"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0399

    Vulnerability from variot - Updated: 2024-11-23 22:06

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0399",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "y5s53a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b82a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b81a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "t6b83a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s50a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b81a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b82a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b83a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s50a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s53a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "color laserjet pro mm multifunction printer series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190419"
          },
          {
            "model": "laserjet pro mfp mm printer series web",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190419"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mario Rivas and Daniel Romero, NCC Group",
        "sources": [
          {
            "db": "BID",
            "id": "108828"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-6324",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-6324",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2019-23315",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2019-6324",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6324",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6324",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-23315",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-650",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-6324",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6324",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "108828",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "id": "VAR-201906-0399",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.751000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "c06356322",
            "trust": 0.8,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Cross-Site Scripting Vulnerability (CNVD-2019-23315)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/169509"
          },
          {
            "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93859"
          },
          {
            "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6324"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6324"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
          },
          {
            "trust": 0.3,
            "url": "www.hp.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "date": "2019-06-17T16:15:12.623000",
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23315"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6324"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          },
          {
            "date": "2024-11-21T04:46:24.720000",
            "db": "NVD",
            "id": "CVE-2019-6324"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005533"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-650"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0401

    Vulnerability from variot - Updated: 2024-11-23 22:06

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A buffer overflow vulnerability exists in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and prior versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. A cross-site scripting vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0401",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "y5s53a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b82a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s54a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "w2g55a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b81a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "t6b83a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-19"
          },
          {
            "model": "y5s50a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "hp",
            "version": "2019-04-26"
          },
          {
            "model": "t6b80a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b81a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b82a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "t6b83a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "w2g55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s50a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s53a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s54a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "y5s55a",
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": "color laserjet pro mm multifunction printer series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190419"
          },
          {
            "model": "laserjet pro mfp mm printer series",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "laserjet pro mfp m28-m31 printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190426"
          },
          {
            "model": "color laserjet pro m280-m281 multifunction printer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "20190419"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mario Rivas and Daniel Romero, NCC Group",
        "sources": [
          {
            "db": "BID",
            "id": "108828"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-6326",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-6326",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-23316",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-6326",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-6326",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-6326",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-23316",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-651",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-6326",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have embedded web server attributes which may be potentially vulnerable to Buffer Overflow. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A buffer overflow vulnerability exists in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and prior versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. A cross-site scripting vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-6326",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "108828",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "id": "VAR-201906-0401",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.717000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "c06356322",
            "trust": 0.8,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Buffer Overflow Vulnerability (CNVD-2019-23316)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/169501"
          },
          {
            "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93860"
          },
          {
            "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
          },
          {
            "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://support.hp.com/us-en/document/c06356322"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6326"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6326"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
          },
          {
            "trust": 0.3,
            "url": "www.hp.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "db": "BID",
            "id": "108828"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "date": "2019-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "date": "2019-06-17T16:15:12.747000",
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-23316"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-6326"
          },
          {
            "date": "2019-05-31T00:00:00",
            "db": "BID",
            "id": "108828"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          },
          {
            "date": "2024-11-21T04:46:24.950000",
            "db": "NVD",
            "id": "CVE-2019-6326"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005535"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-651"
          }
        ],
        "trust": 0.6
      }
    }