Some Samsung printers contain a hardcoded
password which attackers could use to gain backdoor access
to networks, according to a recent security warning.
The hardcoded password in
Samsung printers and Dell-branded printers from Samsung cannot be
disabled or changed by users, the United States Computer Emergency
Readiness Team (US-CERT) warned on Monday in an advisory. The
password issue does not exist in Samsung models released
since Oct. 31.
A remote, unauthenticated attacker could
access an affected device with administrative privileges and make
changes to the device configuration, access data about
devices connected to the network and all information sent to the
printer, and even execute code on the printer, CERT warned. Attackers
could get on the network by using the hardcoded
credential. Once in, they could launch
additional attacks against other devices on the network.
"Samsung printers contain a hardcoded
SNMP full read-write community string that remains active
even when SNMP is disabled in the printer management
utility," the CERT advisory said.
Details of the Vulnerability
Samsung is aware of the issue and is
preparing a patch tool to be released later this year to address
vulnerable devices, the advisory said. Until then, CERT
recommended administrators set up the printer to accept connection
attempts only from trusted hosts and networks, and reject all
outside attempts using the hardcoded password.
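
One way to check that the interim restriction CERT recommends is actually in force, as an added example that is not from the advisory or the original article: it scans firewall log records for SNMP traffic that was allowed through to a printer from a source outside the trusted list. The log format, subnets and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed site policy (hypothetical values): the printer subnet and the only
# management hosts/networks that should be able to reach SNMP on printers.
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.1.10/32"),
                   ipaddress.ip_network("10.20.2.0/28")]
SNMP_PORTS = {161}  # SNMP agent port (UDP)

# Constructed sample firewall log: time src dst proto dport action
SAMPLE_LOG = """\
2020-01-06T09:00:01 10.20.1.10 10.20.30.15 udp 161 ACCEPT
2020-01-06T09:00:07 10.20.40.77 10.20.30.15 udp 161 ACCEPT
2020-01-06T09:01:12 203.0.113.9 10.20.30.15 udp 161 DROP
2020-01-06T09:02:30 10.20.40.77 10.20.30.15 tcp 9100 ACCEPT
2020-01-06T09:03:44 10.20.2.5 10.20.30.22 udp 161 ACCEPT
2020-01-06T09:04:02 198.51.100.4 10.20.30.22 udp 161 ACCEPT
malformed line
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def untrusted_snmp_flows(log_text):
    """Map each printer IP to the untrusted sources whose SNMP traffic was ACCEPTed."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, proto, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "udp" or port not in SNMP_PORTS:
            continue  # not SNMP
        if action.upper() != "ACCEPT" or not _in_any(dst_ip, PRINTER_NETS):
            continue  # blocked, or not destined for a printer
        if not _in_any(src_ip, TRUSTED_SOURCES):
            findings[str(dst_ip)].add(str(src_ip))
    return {dst: sorted(srcs) for dst, srcs in findings.items()}

if __name__ == "__main__":
    for printer, sources in untrusted_snmp_flows(SAMPLE_LOG).items():
        print(f"{printer}: SNMP allowed from untrusted {', '.join(sources)}")
```

Any finding means the filter in front of the printer is not enforcing the trusted-hosts rule, which matters here because turning SNMP off in the management utility does not deactivate the hardcoded community string.
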
Security researcher Neil Smith published
more details about the built-in password on Tuesday. The only
printers that weren't affected by the hardcoded password issue
were "serious high-end" Samsung printers which run a different memory
chip and operating system, Smith wrote on Twitter. HD Moore, Rapid7's chief
security officer and chief architect, confirmed on Twitter that the
vulnerability existed on his Samsung SCX-472x series printer.
Smith also suggested Samsung has not been
very responsive about closing the vulnerability. "It's been
frustrating working with Samsung. Home ITsec at S confirmed it.
Kr:Command center pulled them off. CERT pubd and so did I," Smith
wrote on Twitter.