HIGH🇵🇱 Wersja polska

CVE-2008-4419

CVSS 7.8v2.0pub. 2009-02-05upd. 2026-04-23

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:N/A:N
  • HP 9200c Digital Sender

    HW
    Hp
    ≤ 20081211_09.131.1
  • HP Color Laserjet 4370mfp

    HW
    Hp
    ≤ 20081211_46.211.2
  • HP Color Laserjet 9500mfp

    HW
    Hp
    ≤ 20070719_05.011.2
  • HP Laserjet 2410

    HW
    Hp
    ≤ 20070410_08.112.3
  • HP Laserjet 2420

    HW
    Hp
    ≤ 20070410_08.112.3
  • HP Laserjet 2430

    HW
    Hp
    ≤ 20070410_08.112.3
  • HP Laserjet 4250

    HW
    Hp
    ≤ 20080319_08.015.0
  • HP Laserjet 4345mfp

    HW
    Hp
    ≤ 20081211_09.131.1
  • HP Laserjet 4350

    HW
    Hp
    ≤ 20080319_08.015.0
  • HP Laserjet 9040

    HW
    Hp
    ≤ 20080204_08.110.0
  • HP Laserjet 9040mfp

    HW
    Hp
    ≤ 20080204_08.110.0
  • HP Laserjet 9050

    HW
    Hp
    ≤ 20080204_08.110.0
  • HP Laserjet 9050mfp

    HW
    Hp
    ≤ 20080204_08.110.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2011-4785HIGH7.8ten sam produkt

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmw...

CVE-2011-4161HIGH10.0ten sam produkt

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMx...

CVE-2009-0941HIGH7.6ten sam produkt

The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no manage...

CVE-2012-5221MEDIUM5.0ten sam produkt

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, ...

CVE-2009-2684MEDIUM4.3ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain ...