Security Market Segment LS
Wednesday, 28 November 2012 10:24

SNMP sloppiness sees Samsung printers security slip

By

CERT has warned of a vulnerability that opens some Samsung and Dell printers to remote attack.

According to a CERT vulnerability note, Samsung's networked printers along with certain Dell printers manufactured by Samsung "contain a hardcoded account that could allow a remote attacker to take control of an affected device."

This is not good.

Even if SNMP is disabled, this "backdoor administrator account" is still active and could be used by an attacker to access the printer.

From there, he or she may be able to change the printer's configuration, access information including credentials and information sent to the printer, and potentially run undesirable code in the printer.

Models released after October 31, 2012 are not affected, but the company won't be releasing a patch until "later this year" (which translates to "in the next few weeks").

In the meantime, a partial defence might be to block SNMP traffic at the firewall, but that would not stop an inside attack.

A list of models affected by this vulnerability was not provided, so until those details are provided the cautious approach would be to assume it applies to all network-capable printers with SNMP support that were released by Samsung or Dell prior to this month.


Subscribe to Newsletter here

WEBINAR 12 AUGUST - Why is Cyber Security PR different?

This webinar is an introduction for cyber security companies and communication professionals on the nuances of cyber security public relations in the Asia Pacific.

Join Code Red Security PR Network for a virtual conversation with leading cyber security and ICT journalists, Victor Ng and Stuart Corner, on PR best practices and key success factors for effective communication in the Asian Pacific cyber security market.

You will also hear a success story testimonial from Claroty and what Code Red Security PR has achieved for the brand.

Please register here by 11 August 2020 and a confirmation email, along with instructions on how to join the webinar will be sent to you after registration.

Aug 12, 2020 01:00 PM in Canberra, Melbourne, Sydney. We look forward to seeing you there!

REGISTER NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research & Case Studies

Channel News

Comments