Some printers made by Korean firm Samsung, including some printers it manufactures for Dell, have a hardcoded account that may allow a hacker to hijack them.
The US Computer Emergency Readiness Team issued the warning this week, saying this "could allow a remote attacker to take control of an affected device."
"Samsung printers (as well as some Dell printers manufactured by Samsung) contain a hardcoded SNMP (Simple Network Management Protocol) full read-write community string that remains active even when SNMP is disabled in the printer management utility," it said.
It said Samsung has indicated it will release a patch tool later this year to address vulnerable devices.
The US-CERT said a remote, unauthenticated attacker who gains administrative privileges could potentially access the affected device.
It said secondary impacts include:
- the ability to make changes to the device configuration
- access to sensitive information including device and network information, credentials, and information passed to the printer
- the ability to leverage further attacks through arbitrary code execution.
The US-CERT said Samsung had indicated its printer models released after October 31, 2012, are not affected by this vulnerability.
It recommended that users only allow connections from trusted hosts and networks.
"Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," it said. — TJD, GMA News
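One way to check that the recommended restriction is actually in force is to review firewall or flow logs for SNMP traffic that reached a printer from outside the trusted management hosts. The script below is an added example, not part of the US-CERT advisory or the original article; the log format, the addresses, and the trusted and printer networks are all constructed assumptions.

```python
import ipaddress

# Assumption: management hosts allowed to speak SNMP to printers (constructed values).
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.10/32")]
# Assumption: subnet where the affected printers live (constructed value).
PRINTER_NET = ipaddress.ip_network("10.30.1.0/24")
SNMP_PORT = 161  # standard SNMP agent port (UDP)

# Constructed flow records: "timestamp proto src_ip src_port dst_ip dst_port action"
SAMPLE_FLOWS = """\
2012-11-28T09:01:12Z udp 10.20.0.5 40112 10.30.1.21 161 allow
2012-11-28T09:02:40Z udp 192.0.2.77 51514 10.30.1.21 161 allow
2012-11-28T09:03:02Z tcp 10.40.2.9 49820 10.30.1.21 9100 allow
2012-11-28T09:04:55Z udp 10.40.2.9 38001 10.30.1.35 161 allow
2012-11-28T09:05:10Z udp 198.51.100.3 40000 10.30.1.35 161 deny
malformed line
"""

def is_trusted(src_ip):
    """True if the source address belongs to an allowed management network."""
    return any(src_ip in net for net in TRUSTED_SOURCES)

def untrusted_snmp_flows(log_text):
    """Return (timestamp, src, dst) for permitted SNMP flows to printers
    that originate outside the trusted networks."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed records
        ts, proto, src, _sport, dst, dport, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if proto != "udp" or port != SNMP_PORT or action != "allow":
            continue  # only permitted SNMP traffic is of interest
        if dst_ip in PRINTER_NET and not is_trusted(src_ip):
            findings.append((ts, src, dst))
    return findings

if __name__ == "__main__":
    for ts, src, dst in untrusted_snmp_flows(SAMPLE_FLOWS):
        print(f"{ts} SNMP reached printer {dst} from untrusted source {src}")
```

Any finding means the access restriction is missing or incomplete for that path, regardless of whether SNMP appears disabled in the printer management utility.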