Samsung printers contain hidden, hard-coded management account

Many Samsung printers contain a hidden device-management account that cannot be disabled, and could allow attackers to compromise networks.

Samsung printers released before October 31, 2012, have been found to contain a hard-coded account that could allow an attacker to remotely take control of the device.

As described in a vulnerability note released by the US Computer Emergency Response Team (CERT), affected printers have a Simple Network Management Protocol (SNMP) account programmed into their firmware. This account continues to permit access to the device even if SNMP functions are disabled in the printer's management utility. Some Dell printers manufactured by Samsung are also affected.

SNMP allows administrators to manage or monitor networked devices, such as printers, routers, or even servers, meaning that attackers could easily change any of the affected printers' settings. An attacker could also capture any network traffic that the printer would normally have access to.

The vulnerability note also states that when compromised this way, an attacker could use the printer to execute further attacks. Such an example could include finding another vulnerability in the device to allow the attacker to execute arbitrary code.

Samsung is working on releasing a patch to address the vulnerable devices, and expects to release it later this year.