This privileged access could also be used to change the device configuration, access sensitive information stored on it (credentials, network configuration, etc.), and even to mount additional attacks through arbitrary code execution, US-CERT claims.
The hardcoded account is present in all printers released before October 31, 2012 - and that's a lot of printers. Still, Samsung is not rushing out a patch - the manufacturer has only said that it will be pushed out "later this year."
"As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," US-CERT advises, especially because the hardcoded account remains active even if SNMP is disabled in the printer management utility.
UPDATE: Samsung reached out to us to day, issuing a helpful statement about this problem:
Samsung is aware of and has resolved the security issue affecting Samsung network printers and multifunction devices. The issue affects devices only when SNMP is enabled, and is resolved by disabling SNMP.
We take all matters of security very seriously and we are not aware of any customers who have been affected by this vulnerability. Samsung is committed to releasing updated firmware for all current models by November 30, with all other models receiving an update by the end of the year. However, for customers that are concerned, we encourage them to disable SNMPv1,2 or use the secure SNMPv3 mode until the firmware updates are made.
For further information, customers may contact Samsung customer service at 1-866-SAM4BIZ for business customers or 1-800-SAMSUNG for consumers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.