[LINK] Samsung printer backdoor
stephen at melbpc.org.au
Thu Nov 29 04:23:36 AEDT 2012

CERT Vulnerability Note VU#281284

Samsung Printer firmware contains a backdoor administrator account

Release: 26/11/2012 Revised: 28/11/2012 www.kb.cert.org/vuls/id/281284

Samsung printers contain a hardcoded account that could allow a remote
attacker to take control of an affected device.

Description:

Samsung printers (as well as some Dell printers manufactured by Samsung)
contain a hardcoded SNMP full read-write community string that remains
active even when SNMP is disabled in the printer management utility.

Impact:

A remote, unauthenticated attacker could access an affected device with
administrative privileges. Secondary impacts include: the ability to make
changes to the device configuration, access to sensitive information
(e.g., device and network information, credentials, and information
passed to the printer), and the ability to leverage further attacks
through arbitrary code execution.

Solution:

Samsung and Dell have stated that models released after October 31, 2012
are not affected by this vulnerability. Samsung and Dell have also
indicated that they will be releasing a patch tool later this year to
address vulnerable devices.

Block Port 1118/udp:

The reporter has stated that blocking the custom SNMP trap port of
1118/udp will help mitigate the risks.

Restrict Access:

As a general good security practice, only allow connections from trusted
hosts and networks. Restricting access would prevent an attacker from
accessing an SNMP interface using the affected credentials from a blocked
network location.

--
Cheers,
Stephen
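
The two mitigations in the quoted note (block 1118/udp, restrict SNMP to trusted hosts) can be verified against flow logs. The following is an added example, not part of the original post or the CERT note; the printer subnet, management host, flow-record layout and sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site values (hypothetical, not from the advisory).
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]    # printer VLAN
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.1.10/32")]  # SNMP management host
# 161/udp is the standard SNMP agent port; 1118/udp is the port named in VU#281284.
WATCHED_UDP_PORTS = {161, 1118}

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)

def audit_flows(lines):
    """Scan 'src dst proto dport' records; return flows that violate the mitigations."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed layout
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[3])
        except ValueError:
            continue  # skip malformed addresses or ports
        if parts[2].lower() != "udp" or port not in WATCHED_UDP_PORTS:
            continue
        if not in_any(dst, PRINTER_NETS):
            continue
        if port == 1118:
            # Any flow reaching a printer here means the block is not in place.
            reason = "1118/udp reached printer; port should be blocked"
        elif not in_any(src, TRUSTED_SOURCES):
            reason = "SNMP from source outside trusted list"
        else:
            continue
        findings.append((line_no, str(src), str(dst), port, reason))
    return findings

# Constructed sample records (documentation and private address ranges).
SAMPLE_FLOWS = [
    "10.20.1.10 10.20.30.5 udp 161",    # trusted manager polling a printer
    "192.0.2.44 10.20.30.5 udp 161",    # untrusted host reaching SNMP
    "10.20.1.10 10.20.30.7 udp 1118",   # custom port reachable at all
    "192.0.2.44 10.20.30.5 tcp 9100",   # print job, not SNMP
    "192.0.2.44 10.99.0.1 udp 161",     # destination is not a printer
    "garbage line",
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```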