Samsung issued a Hardcoded Printer Statement to customers to address a recent security flaw reported by a researcher to US-CERT this week. According to US-CERT Vulnerability Note VU#281284 published on November 26, 2012, as reported by researcher Neil Smith, Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device.
The potential impact: a remote, unauthorized attacker could access an affected device with administrative read/write privileges. Additionally, according to the CERT Vulnerability Note, secondary impacts include: the ability to make changes to the device configuration, access to sensitive information, i.e. device and network information, credentials, and information passed to the printer, and possibly the ability to leverage further attacks through arbitrary code execution.
Samsung printers released after October 31, 2012 are not affected by this vulnerability, according to the CERT Note.
In response to the US-CERT note, Samsung issued the following official statement:
Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.
For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.