TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-1997

MEDIUM
5.3

Beschreibung

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

CVE Details

CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/10/2026
Zuletzt geandert2/12/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

hp:d9l18ahp:d9l18a_firmwarehp:d9l20ahp:d9l20a_firmwarehp:d9l21ahp:d9l21a_firmwarehp:d9l63ahp:d9l63a_firmwarehp:d9l64ahp:d9l64a_firmwarehp:g5j38ahp:g5j38a_firmwarehp:g5j56ahp:g5j56a_firmwarehp:j3p65ahp:j3p65a_firmwarehp:j3p66ahp:j3p66a_firmwarehp:j3p67ahp:j3p67a_firmwarehp:j3p68ahp:j3p68a_firmwarehp:j6x76ahp:j6x76a_firmwarehp:j6x77ahp:j6x77a_firmwarehp:j6x78ahp:j6x78a_firmwarehp:j6x79ahp:j6x79a_firmwarehp:j6x80ahp:j6x80a_firmwarehp:j6x81ahp:j6x81a_firmwarehp:j6x83ahp:j6x83a_firmwarehp:k7s32ahp:k7s32a_firmwarehp:k7s37ahp:k7s37a_firmwarehp:k7s38ahp:k7s38a_firmwarehp:k7s39ahp:k7s39a_firmwarehp:k7s40ahp:k7s40a_firmwarehp:k7s41ahp:k7s41a_firmwarehp:k7s42ahp:k7s42a_firmwarehp:k7s43ahp:k7s43a_firmwarehp:l3t99ahp:l3t99a_firmwarehp:m9l65ahp:m9l65a_firmwarehp:m9l66ahp:m9l66a_firmwarehp:m9l67ahp:m9l67a_firmwarehp:m9l70ahp:m9l70a_firmwarehp:t0g46ahp:t0g46a_firmwarehp:t0g47ahp:t0g47a_firmwarehp:t0g48ahp:t0g48a_firmwarehp:t0g49ahp:t0g49a_firmwarehp:t0g56ahp:t0g56a_firmwarehp:t0g65ahp:t0g65a_firmwarehp:t0g70ahp:t0g70a_firmwarehp:t1p99ahp:t1p99a_firmwarehp:y0s18ahp:y0s18a_firmwarehp:y0s19ahp:y0s19a_firmware

Schwachen (CWE)

CWE-346

Referenzen

https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086(hp-security-alert@hp.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.