[LINK] Samsung printer backdoor

[stephen at melbpc.org.au]

CERT Vulnerability Note VU#281284

Samsung Printer firmware contains a backdoor administrator account

Release: 26/11/2012 Revised: 28/11/2012 www.kb.cert.org/vuls/id/281284

Samsung printers contain a hardcoded account that could allow a remote 
attacker to take control of an affected device.

Description:
Samsung printers (as well as some Dell printers manufactured by Samsung) 
contain a hardcoded SNMP full read-write community string that remains 
active even when SNMP is disabled in the printer management utility.
 
Impact:
A remote, unauthenticated attacker could access an affected device with 
administrative privileges. Secondary impacts include: the ability to make 
changes to the device configuration, access to sensitive information 
(e.g., device and network information, credentials, and information 
passed to the printer), and the ability to leverage further attacks 
through arbitrary code execution.
 
Solution:
Samsung and Dell have stated that models released after October 31, 2012 
are not affected by this vulnerability. Samsung and Dell have also 
indicated that they will be releasing a patch tool later this year to 
address vulnerable devices.
 
Block Port 1118/udp: 
The reporter has stated that blocking the custom SNMP trap port of 
1118/udp will help mitigate the risks.

Restrict Access:

As a general good security practice, only allow connections from trusted 
hosts and networks. Restricting access would prevent an attacker from 
accessing an SNMP interface using the affected credentials from a blocked 
network location
 --

Cheers,
Stephen

Message sent using MelbPC WebMail Server