A researcher has alerted the U.S. Computer Emergency Readiness Team (US-CERT) that Samsung printer firmware contains a hardcoded backdoor administrator account that could allow remote exploitation over the network and control of the device.
The admin account does not require verification, opening up the devices and users' networks to potentially serious remote attacks.
So if you have a Samsung printer that isn't one month old, then until Samsung releases its patch, US-CERT tells us that some printer owners might be vulnerable to the following:
A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution.
A successful attacker could almost certainly read print jobs. People assume that what's going to their printer is private - such as payroll data, tax forms, contracts, etc.
At this time, Samsung appears to have pulled all of its printer firmware from its support pages.
Samsung printers contain a hardcoded SNMP full read-write community string. According to US-CERT, it remains active even when SNMP is disabled in the printer management utility.
This runs counter to what Samsung's Public Relations Manager told me via email today, saying, "The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made."
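One way to test the two claims above on your own network is to watch passively for printers that still answer SNMPv1/v2c after SNMP has been disabled. The sketch below is an added example, not code from US-CERT, Samsung or this article; the function names, the documentation IP addresses and the placeholder community string are assumptions, and the sample datagrams are constructed.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # value of the SNMP msgVersion field
RESPONSE_PDU = 0xA2                        # BER tag of a GetResponse/Response PDU

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return (version, pdu_tag) for a UDP/161 payload; pdu_tag is None for v3."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or not ver:
        raise ValueError("missing version")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("v1", "v2c"):
        return version, None
    tag, _community, pos = read_tlv(body, pos)   # community is skipped, never logged
    if tag != 0x04 or pos >= len(body):
        raise ValueError("malformed community-based message")
    return version, body[pos]

def legacy_responders(datagrams, printer_ips):
    """Printers seen sending a v1/v2c response, i.e. still answering legacy SNMP."""
    hits = set()
    for src, _dst, payload in datagrams:
        try:
            version, pdu = classify(payload)
        except (ValueError, IndexError):
            continue                       # not SNMP or damaged capture: ignore
        if src in printer_ips and version in ("v1", "v2c") and pdu == RESPONSE_PDU:
            hits.add(src)
    return sorted(hits)

def tlv(tag, value):                       # tiny encoder, used only for the sample data
    return bytes([tag, len(value)]) + value
# Constructed sample capture (documentation addresses, placeholder community string).
V2C_REPLY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"EXAMPLE") + tlv(0xA2, b""))
V3_MSG = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, b""))
SAMPLE = [("192.0.2.10", "192.0.2.50", V2C_REPLY), ("192.0.2.11", "192.0.2.50", V3_MSG)]
```

Feed it (source, destination, UDP payload) tuples from a capture of port 161 traffic; any printer it returns is still replying over SNMPv1/v2c regardless of what the management utility shows.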
Some Dell printers manufactured by Samsung also contain the backdoor admin account.
@neilwillgettoit Nice work! Confirmed on my printer: Samsung Samsung SCX-472x Series; V3.00.01.07 SEP-01-2011 Engine V1.02.05 09-02-2011