FollowSamsung-manufactured printers are vulnerable to remote attack, US Computer Emergency Readiness Team (US-CERT) reports. The flaw lies in the Simple Network Management Protocol (SNMP) implementation.
This refers to printer models built before October 31, 2012. Those printers have an administrator account backdoor that makes attacks possible. The attack can be to alter configurations, access saved information, read network data and possibly run codes that can be malicious. This SNMP account has read and write access permissions and can be reached by network assault even when turned off via the maintenance utility of the printer.
US-CERT mentioned in a report regarding a flaw which Samsung indicated to address by releasing a patch tool. The group recommends that users must restrict the access of the printers and give it only to IP addresses which they can trust. However, US-CERT did not publish the list of printers that are affected. It gave a note though that Dell-branded printers which are Samsung-manufactured are affected as well.
To prevent the remote exploit, disabling SNMP version 1 and version 2 of the level of the network may help. SNMP version 3 is said to be secure.
SNMP has been a network management dominant protocol which is designed to be an essential management tool to meet management needs of networks. SNMP has one or more computer units as managers which oversee the status of devices that are attached to a computer network such as printers, routers, modems, workstations, etc.
Samsung promised to issue printer firmware fix today which is basically to disable some of SNMP access permissions.
Leave a Reply