WooYun.org

厂商回应：

危害等级：低

漏洞Rank：5

确认时间：2015-09-10 03:07

厂商回复：

最新状态：

2015-09-22：Hello WooYun team,I am not sure why the status is that the bug is confirmed. We are still doing assessment of your report. We will provide a response after we are complete with the assessment. Please correct the status of this report.Thanks,HP PSRT

2015-10-01：Hello, here is HP's response to the report:________________________________________The HP ePrint feature is not turned on by default. The printer user/owner is required to enable ePrint in to the Web Services tab of the device’s Embedded Web Server. At that time an e-mail is created for the device. The printers e-mail address is 13 alphanumeric characters to increase security. The ePrint configuration provides the following information:“To help prevent unauthorized email, HP assigns a random email address to your printer, never publicizes this address, and by default does not respond to any sender. ePrint also provides industry-standard spam filtering and transforms email and attachments to a print-only format to reduce the threat of a virus or other harmful content.”The printer can be further protected by register it with HP’s free ePrint Service. The user can create a list of up to 500 addresses allowed to print. The ePrint configuration provides the following information:“The HP Connected website to set up increased security for ePrint, specify the email addresses that are allowed to send email to your printer”Users experiencing unauthorized access can change the email address of the affected printer at the ePrint Service website.The ability to print from a print device’s Embedded Web Server interface is standard functionality. Availability of this feature is configurable on the current generation of LaserJet printers. Please be aware printing devices accessible on the public internet may encounter unintended usage.________________________________________