header-logo
Suggest Exploit
vendor:
PhaserLink Printer
by:
SecurityFocus
7,5
CVSS
HIGH
Remote Password Retrieval
N/A
CWE
Product Name: PhaserLink Printer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Tektronix PhaserLink Printer Remote Password Retrieval Vulnerability

Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modify the system characteristics, restart the machine, asign services etc. In at least one version of this printer there are a series of undocumented URL's which will allow remote users to retrieve the administrator password. Once the password is obtained by the user, they can manipulate the printer in any way they see fit.

Mitigation:

Disable the web server on the printer or restrict access to it.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/806/info


Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modify the system characteristics, restart the machine, asign services etc.

In at least one version of this printer there are a series of undocumented URL's which will allow remote users to retrieve the administrator password. Once the password is obtained by the user, they can manipulate the printer in any way they see fit.

To obtain the administrator password:

http://printername/ncl_items.html?SUBJECT=2097

Navigation

Suggest Exploit

Services By CQR