Executive Summary

Title Samsung Printer firmware contains a hardcoded SNMP community string
Name VU#281284 First vendor Publication 2012-11-26
Vendor VU-CERT Last vendor Modification 2012-12-07
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#281284

Samsung Printer firmware contains a hardcoded SNMP community string

Original Release date: 26 Nov 2012 | Last revised: 07 Dec 2012


Samsung printers contain a hardcoded SNMP community string that could allow a remote attacker to take control of an affected device.


Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility.


A remote, unauthenticated attacker could access an affected device with administrative read/write privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and possibility the ability to leverage further attacks through arbitrary code execution.


Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices.

Dell also indicated that they have released updated firmware for all affected models currently being sold to address this vulnerability. A copy of this updated firmware is available for download at: http://del.ly/PrinterSNMPFix

Block Port 1118/udp

The reporter has stated that blocking the custom SNMP trap port of 1118/udp will help mitigate the risks.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location. (e.g. Using IP filtering and Mac address filtering)

Disable SNMP protocol

Samsung is advising end users to disable SNMPv1, 2 or use the secure SNMPv3 mode until the firmware updates are released.
*Note that the vulnerability reporter has stated that the community string that remains active even when SNMP is disabled in the printer management utility.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Affected23 Aug 201207 Dec 2012
SamsungAffected23 Aug 201229 Nov 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • http://del.ly/PrinterSNMPFix


Thanks to Neil Smith for reporting this vulnerability

This document was written by Katie Steiner

Other Information

  • CVE IDs:CVE-2012-4964
  • Date Public:26 Nov 2012
  • Date First Published:26 Nov 2012
  • Date Last Updated:07 Dec 2012
  • Document Revision:49


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/281284

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OpenVAS Exploits

Date Description
2012-11-28 Name : Samsung Printer SNMP Hardcoded Community String Authentication Bypass Vulnera...
File : nvt/secpod_samsung_printer_snmp_auth_bypass_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Samsung printer default community string
RuleID : 24814 - Revision : 6 - Type : PROTOCOL-SNMP

Nessus® Vulnerability Scanner

Date Description
2012-12-03 Name : The remote printer has a backdoor administrator account.
File : snmp_samsung_printer_backdoor.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 12:07:42
  • Multiple Updates
2014-01-19 21:31:03
  • Multiple Updates
2012-12-07 17:19:43
  • Multiple Updates
2012-12-07 17:18:19
  • Multiple Updates
2012-12-04 00:19:39
  • Multiple Updates
2012-12-04 00:18:13
  • Multiple Updates
2012-12-03 21:21:18
  • Multiple Updates
2012-12-03 21:19:52
  • Multiple Updates
2012-11-29 21:21:48
  • Multiple Updates
2012-11-29 21:20:25
  • Multiple Updates
2012-11-29 17:19:26
  • Multiple Updates
2012-11-29 17:18:11
  • Multiple Updates
2012-11-28 21:20:35
  • Multiple Updates
2012-11-28 17:19:23
  • Multiple Updates
2012-11-28 13:23:03
  • Multiple Updates
2012-11-27 00:20:48
  • First insertion