Samsung, Dell printers open to remote exploit


Samsung and Dell printers contain a backdoor administrator account that cannot be disabled, and which can be used to take control of the device and launch further attacks on a network, the Computer Emergency Response Team (CERT) said in an advisory.

Samsung is the manufacturer of the printers. The devices contain a Simple Network Management Protocol (SNMP) community string with full read and write privileges.

Even if SNMP is disabled in the printers' management utilities, the community string remains active and the device vulnerable, CERT said.

CERT warned that "a remote, unauthenticated attacker could access an affected device with administrative privileges." 

Such an attacker has "the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution," according to CERT.

To mitigate the security flaw, CERT suggested firewalling off the SNMP trap port at 1118 UDP and ensuring the printers do not face the Internet.
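
An added example (not from CERT, the vendors, or this article's author): a small audit of the two mitigations above, run over constructed flow records. The record format, printer inventory, internal address range and the exemption for an admin subnet are assumptions made for illustration.

```python
import ipaddress

SNMP_PORT = 1118  # UDP port CERT says to firewall off (from the article)

# Everything below is constructed sample data, not taken from the advisory.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range
MGMT_NET = ipaddress.ip_network("10.20.9.0/24")         # assumed admin subnet
PRINTERS = ["10.20.0.15", "10.20.0.16", "203.0.113.40"]
# Assumed record format: src dst proto dport action
FLOWS = """\
10.20.9.5 10.20.0.15 udp 1118 ALLOW
10.30.4.77 10.20.0.15 udp 1118 ALLOW
198.51.100.23 203.0.113.40 udp 1118 ALLOW
10.30.4.77 10.20.0.16 udp 1118 DENY
10.30.4.77 10.20.0.16 tcp 9100 ALLOW
not a flow record
"""


def internet_facing(printers):
    """Printers addressed outside the internal ranges (second mitigation)."""
    return [p for p in printers
            if not any(ipaddress.ip_address(p) in net for net in INTERNAL_NETS)]


def exposed_flows(flow_text, printers):
    """Permitted UDP/1118 flows to a printer from outside the admin subnet."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed record
        src, dst, proto, dport, action = fields
        if dst not in printers or proto.lower() != "udp":
            continue
        if dport != str(SNMP_PORT) or action.upper() != "ALLOW":
            continue
        try:
            if ipaddress.ip_address(src) in MGMT_NET:
                continue  # assumed exemption for the admin subnet
        except ValueError:
            continue  # unparseable source address
        findings.append((src, dst))
    return findings


if __name__ == "__main__":
    for src, dst in exposed_flows(FLOWS, PRINTERS):
        print(f"firewall gap: {src} -> {dst} udp/{SNMP_PORT} permitted")
    for printer in internet_facing(PRINTERS):
        print(f"printer {printer} is addressed outside the internal ranges")
```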

Dell and Samsung have both said they will release patches to rectify the vulnerability and that printers sold after October this year are unaffected.

The researcher who confirmed the flaw and reported it to CERT, Neil Smith, has posted an SNMP Management Information Base (MIB) file on Tumblr that can be used to exploit the security hole.

Smith said that the community string has been found in printer firmware dating back to 2004.

Copyright © iTnews.com.au . All rights reserved.