cbcvebase.
CVE-2018-5921
published 2018-10-03

CVE-2018-5921: A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is…

PriorityP340high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
0.74%
50.0th percentile
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.

Affected

197 ranges· showing 25
VendorProductVersion rangeFixed in
hpa2w75a_firmware< 2405129_0000542405129_000054
hpa2w76a_firmware< 2405129_0000542405129_000054
hpa2w77a_firmware< 2405129_0000572405129_000057
hpa2w78a_firmware< 2405129_0000572405129_000057
hpa2w79a_firmware< 2405129_0000572405129_000057
hpb3g84a_firmware< 2405129_0000402405129_000040
hpb3g85a_firmware< 2405129_0000402405129_000040
hpb3g86a_firmware< 2405129_0000402405129_000040
hpb5l04a_firmware< 2405129_0000502405129_000050
hpb5l05a_firmware< 2405129_0000502405129_000050
hpb5l06a_firmware< 2405129_0000502405129_000050
hpb5l07a_firmware< 2405129_0000502405129_000050
hpb5l26a_firmware< 2405129_0000562405129_000056
hpb5l39a_firmware< 2405129_0000562405129_000056
hpb5l46a_firmware< 2405129_0000382405129_000038
hpb5l47a_firmware< 2405129_0000382405129_000038
hpb5l48a_firmware< 2405129_0000382405129_000038
hpb5l49a_firmware< 2405129_0000382405129_000038
hpb5l50a_firmware< 2405129_0000382405129_000038
hpb5l54a_firmware< 2405129_0000382405129_000038
hpc2s11a_firmware< 2405129_0000552405129_000055
hpc2s11v_firmware< 2405129_0000552405129_000055
hpc2s12a_firmware< 2405129_0000552405129_000055
hpc2s12v_firmware< 2405129_0000552405129_000055
hpca251a_firmware< 2405129_0000422405129_000042

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.