Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6320

Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.

Published

2020-01-09T19:15:10.497

Last Modified

2024-11-21T04:46:24.227

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	deskjet_3630_f5s43a_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_f5s43a	-	No
Operating System	hp	deskjet_3630_f5s57a_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_f5s57a	-	No
Operating System	hp	deskjet_3630_k4t93a_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_k4t93a	-	No
Operating System	hp	deskjet_3630_k4t99c_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_k4t99c	-	No
Operating System	hp	deskjet_3630_k4u00b_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_k4u00b	-	No
Operating System	hp	deskjet_3630_k4u03b_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_k4u03b	-	No
Operating System	hp	deskjet_3630_v3f21a_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_v3f21a	-	No
Operating System	hp	deskjet_3630_v3f22a_firmware	< swp1fn1912br	Yes
Hardware	hp	deskjet_3630_v3f22a	-	No

References

https://support.hp.com/us-en/document/c06308143 Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/c06308143 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)