J-Security Center

Title: OKI C5510MFP Printer Unauthorized Access Vulnerability

Severity: CRITICAL

Description:

The OKI C5510MFP Printer is a multifunction, networked printing device.

The printer is prone to an unauthorized-access vulnerability because it obtains configuration details and administrator passwords in an insecure manner. Configuration settings and administrator passwords are sent to the device in clear text over TCP port 5548 from a web-based applet. The device's Network Setup Tool client connects to the device over TCP port 7777 and also transmits configuration details and administrator passwords in clear text. Also, attackers can set passwords without prior authentication or can obtain them through man-in-the-middle attacks.

An attacker can exploit this issue to set arbitrary printer configuration settings and administrative passwords. The impact of a successful exploit will vary depending on the settings reconfigured.
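An added example, not part of the original advisory: a flow-log audit that flags TCP connections reaching a printer on the two clear-text management ports described above. The printer address, the management subnet and the log format are assumptions for illustration, and the sample records are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Ports named in the advisory: both carry settings and admin passwords in clear text.
CLEARTEXT_MGMT_PORTS = {5548: "web applet", 7777: "Network Setup Tool"}

# Assumptions for this example: the printer address and the subnet admins work from.
PRINTERS = {ip_address("10.20.0.15")}
MGMT_NET = ip_network("10.20.99.0/24")

# Constructed flow records (time, src, dst, proto, dport); not from a real device.
SAMPLE_FLOWS = """\
2024-01-10T09:00:01Z,10.20.99.7,10.20.0.15,tcp,7777
2024-01-10T09:02:13Z,10.20.5.44,10.20.0.15,tcp,5548
2024-01-10T09:02:40Z,10.20.5.44,10.20.0.15,tcp,9100
2024-01-10T09:05:55Z,192.0.2.10,10.20.0.15,tcp,7777
2024-01-10T09:06:00Z,10.20.5.44,10.20.0.15,udp,5548
2024-01-10T09:07:00Z,10.20.5.44,10.20.0.80,tcp,7777
"""

def audit_flows(text):
    """Return findings for flows that reach a printer's clear-text management ports."""
    findings = []
    for ts, src, dst, proto, dport in csv.reader(io.StringIO(text)):
        port = int(dport)
        if proto.lower() != "tcp" or port not in CLEARTEXT_MGMT_PORTS:
            continue  # the advisory names TCP 5548 and TCP 7777 only
        if ip_address(dst) not in PRINTERS:
            continue  # destination is not a tracked printer
        # Traffic from the management subnet is still clear text on the wire,
        # so it is reported for review rather than silently allowed.
        severity = "review" if ip_address(src) in MGMT_NET else "alert"
        findings.append({"time": ts, "src": src, "dst": dst, "port": port,
                         "service": CLEARTEXT_MGMT_PORTS[port],
                         "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print("{severity:6} {time} {src} -> {dst}:{port} ({service})".format(**f))
```

The "alert" findings are sources that a network ACL should block from these ports; the "review" findings are permitted administration sessions whose passwords are still readable by anyone on the path.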

Affected Products:

  • OKI Printing Solutions C5510 MFP Printer
