You are here

V-039: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability

December 4, 2012 - 2:00am

Addthis

PROBLEM:

Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability

PLATFORM:

The Samsung printer firmware before 20121031

ABSTRACT:

Samsung (as well as some Dell printers manufactured by Samsung)  issued a security advisory and an optional firmware update for all current Samsung networked laser printers and multifunction devices to enhance Simple Network Management Protocol (SNMP) security.

REFERENCE LINKS:

Samsung Security Advisory
Vulnerability Note VU#281284
Bugtraq ID:  56692 
CVE-2012-4964

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Samsung and Dell printers are prone to an unauthorized-access vulnerability because they contain a backdoor administrator account.

The issue affects devices only when SNMP is enabled.

IMPACT:

Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks.

SOLUTION:

The update is now available for most currently sold models, please visit the Samsung Download Center or Dell Support

Addthis