Unrated severityNVD Advisory· Published Nov 17, 2010· Updated Apr 29, 2026

CVE-2010-4107

Description

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

Affected products

HP/Color Laserjet Mfp
cpe:2.3:h:hp:color_laserjet_mfp:*:*:*:*:*:*:*:*
HP/Laserjet 4100
cpe:2.3:h:hp:laserjet_4100:*:*:*:*:*:*:*:*
HP/Laserjet 4200
cpe:2.3:h:hp:laserjet_4200:*:*:*:*:*:*:*:*
HP/Laserjet 4300
cpe:2.3:h:hp:laserjet_4300:*:*:*:*:*:*:*:*
HP/Laserjet 5100
cpe:2.3:h:hp:laserjet_5100:*:*:*:*:*:*:*:*
HP/Laserjet 8150
cpe:2.3:h:hp:laserjet_8150:*:*:*:*:*:*:*:*
HP/Laserjet Mfp
cpe:2.3:h:hp:laserjet_mfp:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/42238nvdVendor Advisory
www.vupen.com/english/advisories/2010/2987nvdVendor Advisory
securityreason.com/securityalert/8328nvd
securitytracker.com/idnvd
www.exploit-db.com/exploits/15631nvd
www.itrc.hp.com/service/cki/docDisplay.donvd
www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdfnvd
www.securityfocus.com/bid/44882nvd
exchange.xforce.ibmcloud.com/vulnerabilities/63261nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.024
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000