CVE-2019-6332

Summary

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

Affected Software

VendorProductVersion RangeStatus
HP Inc.HP DeskJet 2600 All-in-One Printer series4UJ28Baffected
HP Inc.HP DeskJet 2600 All-in-One Printer seriesV1N01A - V1N08Aaffected
HP Inc.HP DeskJet 2600 All-in-One Printer seriesY5H60A - Y5H80Aaffected
HP Inc.HP DeskJet Ink Advantage 2600 All-in-One Printer seriesV1N02A - V1N02Baffected
HP Inc.HP DeskJet Ink Advantage 2600 All-in-One Printer seriesY5Z00A - Y5Z04Baffected
HP Inc.HP DeskJet Ink Advantage 5000 All-in-One Printer seriesM2U86A - M2U89Baffected
HP Inc.HP DeskJet Ink Advantage 5200 All-in-One Printer seriesM2U76A - M2U78Baffected
HP Inc.HP ENVY 5000 All-in-One Printer seriesM2U85A - M2U85Baffected
HP Inc.HP ENVY 5000 All-in-One Printer seriesM2U91A - M2U94Baffected
HP Inc.HP ENVY 5000 All-in-One Printer seriesZ4A54A - Z4A74Aaffected
HP Inc.HP ENVY Photo 6200 All-in-One Printer seriesK7G18A-K7G26Baffected
HP Inc.HP ENVY Photo 6200 All-in-One Printer seriesK7S21Baffected
HP Inc.HP ENVY Photo 6200 All-in-One Printer seriesY0K13D - Y0K15Aaffected
HP Inc.HP ENVY Photo 7100 All-in-One Printer series3XD89Aaffected
HP Inc.HP ENVY Photo 7100 All-in-One Printer seriesK7G93A-K7G99Aaffected
HP Inc.HP ENVY Photo 7100 All-in-One Printer seriesZ3M37A - Z3M52Aaffected
HP Inc.HP ENVY Photo 7800 All-in-One Printer seriesK7R96Aaffected
HP Inc.HP ENVY Photo 7800 All-in-One Printer seriesK7S00A - K7S10Daffected
HP Inc.HP ENVY Photo 7800 All-in-One Printer seriesY0G42D - Y0G52Baffected
HP Inc.HP Ink Tank Wireless 410 seriesZ4B53A - Z4B55Aaffected
HP Inc.HP Ink Tank Wireless 410 seriesZ6Z95A - Z6Z99Aaffected
HP Inc.HP Ink Tank Wireless 410 series4DX94A - 4DX95Aaffected
HP Inc.HP Ink Tank Wireless 410 series4YF79Aaffected
HP Inc.HP Ink Tank Wireless 410 seriesZ7A01Aaffected
HP Inc.HP OfficeJet 5200 All-in-One Printer seriesM2U75Aaffected
HP Inc.HP OfficeJet 5200 All-in-One Printer seriesM2U81A-M2U84Baffected
HP Inc.HP OfficeJet 5200 All-in-One Printer seriesZ4B12A - Z4B14Aaffected
HP Inc.HP OfficeJet 5200 All-in-One Printer seriesZ4B27A - Z4B29Aaffected
HP Inc.HP Smart Tank Wireless 450 seriesZ4B56Aaffected
HP Inc.HP Smart Tank Wireless 450 seriesZ6Z96A - Z6Z98Aaffected

Weaknesses

  • Cross-site Scripting (XSS) in HP InkJet Printers

ADP Enrichment

CVE Program Container

Additional References

References