#printers – @tuckfheman on Tumblr

Tuck Fheman : Decentralized Blockchain Technology & Doom Updates

@tuckfheman / tuckfheman.tumblr.com

A cadre of autodidactic multi diverse personalities decentralizing teh world.
My diploma project is a compact inkjet printer, which is placed on top of a paper pile. When printing, “Stack” slowly moves downwards and swallows the pile until no paper is left. The paper disappears under the printer and exits on top, where it creates a new pile.
Thanks to this new way of printing it is possible to remove the paper tray, the bulkiest element in common printers. This concept allows a very light appearance and avoids frequent reloading.

Vulnerability Note VU#281284 Samsung Printer firmware contains a hardcoded SNMP community string

Overview: Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device.

Description: Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.

This hard coded admin account in firmware could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users.
Even if SNMP is disabled, this "backdoor administrator account" is still active and could be used by an attacker to access the printer. SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.
US-CERT did not provide a list with the exact printer models affected by the issue, but said that, according to Samsung, models released after Oct. 31, 2012, are not vulnerable. As for the Dell model, Samsung builds Dell printers such as the B1160w modeled after Samsung's ML-2165W compact all-in-one printer. It's unclear what other Dell branded printers may be affected.
- Mohit Kumar, The Hacker News

Impact: A remote, unauthenticated attacker could access an affected device with administrative read/write privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and possibly the ability to leverage further attacks through arbitrary code execution.

Solution: Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung and Dell have also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

Block Port 1118/udp: The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access: As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location (e.g., using IP filtering and MAC address filtering).

Disable SNMP protocol: Samsung is advising end users to disable SNMPv1, 2 or use the secure SNMPv3 mode until the firmware updates are released. *Note that the vulnerability reporter has stated that the community string remains active even when SNMP is disabled in the printer management utility.

Source: kb.cert.org
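
One way to check that the "Block Port 1118/udp" and "Restrict Access" mitigations above are actually in effect, as an added example that is not part of the advisory: the script audits firewall flow records for SNMP traffic that still reaches printers. The record format, the printer subnet and the management host are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress

# Constructed sample flow records: "src dst proto dport action"
SAMPLE_FLOWS = """\
10.0.5.10 10.0.20.15 udp 161 allow
10.0.8.77 10.0.20.15 udp 161 allow
203.0.113.9 10.0.20.16 udp 1118 allow
10.0.8.77 10.0.20.16 tcp 9100 allow
10.0.8.77 10.0.20.15 udp 1118 deny
10.0.5.10 10.0.30.4 udp 161 allow
"""

PRINTER_NET = ipaddress.ip_network("10.0.20.0/24")  # assumed printer VLAN
MGMT_HOSTS = {ipaddress.ip_address("10.0.5.10")}    # assumed trusted monitoring host
SNMP_PORT = 161      # standard SNMP agent port
VENDOR_PORT = 1118   # custom SNMP port named in the advisory


def audit(flows_text):
    """Return (line_no, rule, src, dst) for each flow that defeats the mitigations."""
    findings = []
    for line_no, line in enumerate(flows_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src, dst, proto, dport, action = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            findings.append((line_no, "unparseable", None, None))
            continue
        # Only permitted UDP traffic that reaches a printer is of interest.
        if action != "allow" or proto != "udp" or dst_ip not in PRINTER_NET:
            continue
        if port == VENDOR_PORT:
            # The advisory says to block this port outright, whatever the source.
            findings.append((line_no, "1118/udp-not-blocked", src, dst))
        elif port == SNMP_PORT and src_ip not in MGMT_HOSTS:
            findings.append((line_no, "snmp-from-untrusted-host", src, dst))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Because the advisory notes that the community string stays active even with SNMP disabled in the management utility, a network-side check like this is worth keeping in place until the firmware is updated.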