PROBLEM:
Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
PLATFORM:
The Samsung printer firmware before 20121031
ABSTRACT:
Samsung (as well as some Dell printers manufactured by Samsung) issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security.
REFERENCE LINKS:
Samsung Security Advisory
Vulnerability Note VU#281284
Bugtraq ID: 56692
CVE-2012-4964
IMPACT ASSESSMENT:
Medium
DISCUSSION:
Samsung and Dell printers are prone to an unauthorized-access vulnerability because they contain a backdoor administrator account.
The issue affects devices only when SNMP is enabled.
IMPACT:
Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks.
SOLUTION:
The update is now available for most currently sold models, please visit the Samsung Download Center or Dell Support