Some printers manufactured by Samsung have found to be vulnerable to remotely taken over by an attacker.
According to a vulnerability note (VU no. 281284) issued by the US Computer Emergency Response Team (CERT) this week, some Samsung printers (Samsung and Dell branded) contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device. The most important part is that the hardcoded account in their firmware that can't be disabled by users mentions InformationWeek.
The warning says “A remote, unauthenticated attacker could access an affected device with administrative read/write privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and possibility the ability to leverage further attacks through arbitrary code execution.”
This would mean, explains InformationWeek, that after accessing the admin account, attackers could theoretically transform the printer into a malware-spewing attack platform which will be able to target any other network-connected device located inside the same network segment or firewall.
Samsung has already acknowledged the vulnerability is supposed to release a security patch soon. Samsung has not revealed the printer model names yet, but has confirmed that Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability.
[Image: Indicative images of Samsung printers]