Skip to main content

W1A78A Firmware CVE-2024-5143

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2024-05-23 hp-security-alert@hp.com
6.8
CVSS 3.1 · Vendor: hp
Share

Severity by source

Vendor (hp) PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from Vendor (hp) · only source for this CVE.

CVSS VectorVendor: hp

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 23, 2024 - 17:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.

AnalysisAI

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. Affected products include: Hp W1A78A Firmware, Hp W1A80A Firmware, Hp W1A79A Firmware, Hp W1A82A Firmware, Hp W1A81A Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2022-24293 CRITICAL
9.8 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2022-24292 CRITICAL
9.8 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2023-35175 CRITICAL
9.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of

CVE-2023-27973 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated c

CVE-2023-27972 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated

CVE-2023-27971 CRITICAL
9.8 Apr 28

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rate

CVE-2022-28721 CRITICAL
9.8 Sep 26

Certain HP Print Products are potentially vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this

CVE-2023-35176 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using

CVE-2023-35178 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to sc

CVE-2023-35177 HIGH
8.8 Jun 30

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compac

CVE-2022-24291 HIGH
7.5 Mar 23

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execut

CVE-2025-12785 MEDIUM
6.9 Nov 13

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering

Share

CVE-2024-5143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy