How dangerous is an unsecured printer to a network?

Securing a printer with a password might not necessarily help at all. Some printers may be reset to factory defaults via SNMP over the network or SNMP commands embedded in print jobs. Some printers even might provide back doors^{(1, 2)}.

Some printers have universal computing capabilities (PostScript, Java) and services that can be accessed over the network. This may give rise to vulnerabilities that affect the network itself, e.g. cross-site printing, print job manipulation, or file system access. For an overview you might read Jens Müller, Vladislav Mladenov, Juraj Somorovsky, SoK: Exploiting Network Printers.

^{(1) http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0788}
^{(2) http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4964}
^{(3) https://www.nds.rub.de/research/publications/sok-exploiting-network-printers/}

How dangerous is an unsecured printer to a network?

Tags:

Exploit

Attack Vector

Attacks

Default Password

Related

Recent Posts