There is an alert warning users of Samsung printers and some Dell printers manufactured by Samsung about the presence of a hardcoded account that could allow remote attackers to access an affected device with administrative privileges.
This privileged access could also change the device configuration, access sensitive information stored on it (credentials, network configuration, etc.), and even mount additional attacks through arbitrary code execution, according to a report on US-CERT.
The hardcoded account is present in all printers released before October 31, 2012. Samsung is not rushing out a patch saying it will come out “later this year.”
“As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location,” US-CERT said, especially because the hardcoded account remains active even if SNMP is disabled in the printer management utility.
Samsung said it is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
“We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability,” officials said in a statement.
Samsung will release updated firmware for all current models by November 30, with all other models receiving an update by the end of the year.