According to a warning from US-CERT, the administrator account is hard-coded in the device in the form of an SNMP community string with full read-write access. The backdoor is present not only in Samsung printers but also in Dell printers manufactured by Samsung. The administrator account remains active even if SNMP is disabled from the printer’s administration interface.

Because of the full read-write access, data that passes through the printer is at risk of disclosure. Beyond this, attackers can execute arbitrary code on the printer, after which they may be able to use it as a base for further attacks on the network.

“Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution”, notes US-CERT.

According to the vulnerability note, the flaw is present in printers manufactured before 31 October 2012. Samsung has acknowledged the flaw and is going to release a patch tool sometime near the end of this year to fix the bug.
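Because the hard-coded community string stays active even when SNMP is switched off in the administration interface, the device's own settings cannot confirm that it is unused; watching SNMP traffic that reaches the printers can. The following is an added example, not code from US-CERT or Samsung: it parses the community-based SNMP header of captured UDP/161 payloads and flags requests to printers that come from outside a management allowlist or carry a community string the site never configured. The addresses, community strings, packets and function names are constructed for illustration, and it assumes packets are already available as (source, destination, payload) tuples.

```python
# Added example; every address, community string and packet here is constructed.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return (version, community, pdu_tag) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(payload, 0)
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMPv1/v2c message")
    return int.from_bytes(version, "big"), community.decode("latin-1"), body[pos]

def audit(packets, printers, mgmt_hosts, configured):
    """Flag SNMP requests to printers from unlisted hosts or with unknown communities."""
    alerts = []
    for src, dst, payload in packets:
        if dst not in printers:
            continue
        try:
            _, community, pdu = parse_snmp(payload)
        except (ValueError, IndexError):
            continue  # not parseable as community-based SNMP
        reasons = []
        if src not in mgmt_hosts:
            reasons.append("source not in management allowlist")
        if community not in configured:
            reasons.append("community string never configured by the site")
        if reasons:
            alerts.append((src, dst, PDU_NAMES.get(pdu, hex(pdu)), reasons))
    return alerts
# Constructed UDP/161 payloads with empty PDU bodies (enough for header checks).
GET_KNOWN = b"\x30\x0e\x02\x01\x00\x04\x07site-ro\xa0\x00"
SET_UNKNOWN = b"\x30\x0e\x02\x01\x00\x04\x07unknown\xa3\x00"
SAMPLE = [("10.0.1.10", "10.0.5.20", GET_KNOWN),
          ("10.0.7.44", "10.0.5.20", SET_UNKNOWN),
          ("10.0.1.10", "10.0.5.20", SET_UNKNOWN)]
print(audit(SAMPLE, {"10.0.5.20"}, {"10.0.1.10"}, {"site-ro"}))
```

A SetRequest alert is the one to prioritise, since the community string described in the advisory has read-write access.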


[Update: 28/11/2012] For more on this, read “Researcher Details Samsung SNMP Backdoor Flaw”.