SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   Samsung Printer Vendors:   Samsung
Samsung Printers Hardcoded Password Lets Remote Users Gain Administrative Access
SecurityTracker Alert ID:  1027819
SecurityTracker URL:  http://securitytracker.com/id/1027819
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 29 2012
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): firmware prior to October 31, 2012.
Description:   A vulnerability was reported in Samsung Printers. A remote user can gain administrative access.

The printer firmware contains a hard-coded SNMP full read-write community string. A remote user with knowledge of the password can gain administrative access via SNMP.

Disabling SNMP via the printer management utility does not remove the password.

Printer firmware issued on or prior to October 31, 2012 is affected.

Some Dell printers are also affected.

The original advisory is available at:

http://www.kb.cert.org/vuls/id/281284

Neil Smith reported this vulnerability.

Impact:   A remote user can gain administrative access.
Solution:   Firmware released after October 31, 2012 is not vulnerable.

The vendor plans to issue a patch tool later this year for firmware versions released on or prior to October 31, 2012.

Vendor URL:  www.samsung.com/ (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC