Tektronix Printer
Created 5/4/01
CAN 2001-0484
Impact
A remote attacker could gain control over the printer
or create a denial of service which causes physical
damage to the printer.
Background
The Tektronix
line of printers offers an HTTP interface which
allows remote configuration through a standard web browser.
The Problem
An undocumented web-based configuration page (backdoor) allows any user with web access to
take control of the web server without requiring any authentication.
Furthermore, an attacker could use the Emergency Power Off
option to shut off the printer without properly shutting it down,
thus causing physical damage to the printer.
Resolution
On older printers, the web interface can be shut off
using the On switch on the ncl_items.html&SUBJECT=2097
web page. On newer printers the web interface cannot be shut off,
and the only solution is to protect the printer by placing it
behind a firewall.
Where can I read more about this?
This vulnerability was posted to
Bugtraq.