Posts Tagged ‘Printer’

Epson Stylus Printers Remote Information Disclosure

February 13, 2014

Many models of Epson Stylus printers (Shodan search) answer on port 80 and give up information about the printer. Some is harmless like ink cartridge levels. But it also gives up information including internal IP address, default gateway, SSID, wireless security mode and more. The masked password it sends is just stars not the real password unfortunately!!

Models include:
BX305
BX310FN
BX320FW
BX525WD
BX620FWD
BX620FWD
NX420
NX510
Photo R2000
SX420W
SX510W
TX510FN

epson

Advertisements

Zebra Technologies TLP2844 Default Admin Code

January 10, 2014

Zebra Technologies TLP2844 label printers come with a default admin code of ‘1234’.

zebra-01

This code is needed to edit any of the settings on the device:

zebra-02

Lexmark 4000E Remote Information Disclosure

January 9, 2014

A friend pointed out Lexmark 4000E printers (Shodan search) were responsive to commands via the old finger protocol. He also pointed out there is a blog about this and a lot more at Infobyte Security as well as a full list of commands available including some specifically for the OptraImage at India Study Channel.

df:/home/df # finger setup@1.2.3.4
[1.2.3.4/1.2.3.4]

Ethernet 10/100

Network Card
Status: Connected
Speed, Duplex: 100 Mbps, Full Duplex (Auto)
Current Date and Time: 1970-01-16 11:07
End-of-Job Timeout: 90
UAA: 0020004E195C
LAA: 000000000000
Part Number: 56P2129
EC: 5C0027
Firmware Version: LC.MD.P107
Compi: 28-Nov-06 17:27, mls-bld
Password: Not Set

USB 1
NPAP Active: Yes
NPA Mode: Auto
Printer Type: Lexmark T650

TCP/IP
Active: On
Enable DHCP: Off
Enable BOOTP: Off
AutoIP: Off
Address Source: Manual
Address: 1.2.3.4
Netmask: 255.255.255.0
Gateway: 1.2.3.1
Fully Qualified Domain Name: test.example.org
WINS Status: Unregistered
WINS Server: 0.0.0.0
Zero Configuration Name: Lexmark N4000e
df:/home/df #