CVE-2022-48311

9.0 CRITICAL

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in HP Deskjet 2540 series printers that allows authenticated attackers to inject malicious scripts via the HTTP configuration page. The vulnerability affects printers with firmware version CEP1FN1418BR and product model A9U23B. Note that these products are no longer supported by HP.

💻 Affected Systems

Products:
  • HP Deskjet 2540 series printers
Versions: Firmware version CEP1FN1418BR
Operating Systems: Printer firmware only
Default Config Vulnerable: ⚠️ Yes
Notes: Product model number A9U23B. This affects products that are no longer supported by HP.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could execute arbitrary JavaScript in the printer's web interface, potentially stealing session cookies, performing actions as the authenticated user, or redirecting to malicious sites.

🟠 Likely Case

An attacker with access to the printer's web interface could inject scripts that steal credentials or perform unauthorized configuration changes.

🟢 If Mitigated

With proper network segmentation and access controls, the impact is limited to the printer's web interface only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to the printer's web interface. Public proof-of-concept code is available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch is available as these products are no longer supported by HP.

🔧 Temporary Workarounds

Disable HTTP configuration interface

all

Disable the web interface if not required for operations

Access printer settings via physical interface or other management methods

Network segmentation

all

Isolate printer on separate VLAN with restricted access

Configure network switches/routers to place printer on isolated VLAN

🧯 If You Can't Patch

  • Replace affected printers with supported models
  • Implement strict access controls to printer management interface

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface or physical display. If firmware is CEP1FN1418BR and model is A9U23B, it is vulnerable.

Check Version:

Access printer web interface at http://[printer-ip] and check firmware version in settings

Verify Fix Applied:

Since no patch is available, verification consists of implementing the workarounds and testing that the web interface is either no longer accessible or is properly segmented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to printer configuration pages
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • HTTP traffic to printer web interface containing script tags or JavaScript payloads

SIEM Query:

source_ip="printer_ip" AND (http_method="POST" AND uri CONTAINS "/hp/device/") AND (http_user_agent CONTAINS "script" OR http_content CONTAINS "<script>")
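
The indicators above, written as detection logic over proxy-style records (an added example, not HP's code or part of the original advisory). It goes beyond the literal `<script>` match in the query by URL-decoding first; the record layout, the `example_page` path, the 401 status for a failed login, and the thresholds are assumptions.

```python
import re
from urllib.parse import unquote_plus

PRINTER_PATH = "/hp/device/"   # path prefix taken from the SIEM query above
SCRIPT_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)
FAIL_THRESHOLD = 3             # assumed: failed logins before a success is suspicious
WINDOW_S = 300                 # assumed: look-back window in seconds

# Constructed sample records, not real logs:
# (timestamp_s, client_ip, method, uri, status, request_body)
SAMPLE = [
    (0,   "10.0.5.20", "POST", "/hp/device/example_page", 401, ""),
    (20,  "10.0.5.20", "POST", "/hp/device/example_page", 401, ""),
    (40,  "10.0.5.20", "POST", "/hp/device/example_page", 401, ""),
    (60,  "10.0.5.20", "POST", "/hp/device/example_page", 200, ""),
    (90,  "10.0.5.20", "POST", "/hp/device/example_page", 200,
     "name=%253Cscript%253Ex%253C%2Fscript%253E"),   # double URL-encoded markup
    (120, "10.0.5.31", "POST", "/hp/device/example_page", 200, "name=Office+Printer"),
    (130, "10.0.5.31", "GET",  "/index.html", 200, ""),
]

def decode(value):
    """URL-decode up to three times so double-encoded markup is still visible."""
    for _ in range(3):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def detect(records):
    """Return (timestamp, client_ip, rule) alerts for the indicators listed above."""
    alerts, fails = [], {}     # fails: client_ip -> timestamps of recent 401s
    for ts, ip, method, uri, status, body in records:
        if not uri.startswith(PRINTER_PATH):
            continue
        # Script markup in a POST to a configuration page, checked after decoding
        if method == "POST" and SCRIPT_RE.search(decode(uri + " " + body)):
            alerts.append((ts, ip, "script-in-post"))
        # Several failed logins inside the window, then a success
        recent = [t for t in fails.get(ip, []) if ts - t <= WINDOW_S]
        if status == 401:
            recent.append(ts)
        elif status == 200 and len(recent) >= FAIL_THRESHOLD:
            alerts.append((ts, ip, "login-after-failures"))
            recent = []
        fails[ip] = recent
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```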
