Samsung Printer SCX-6X55X Improper Access Control (CVE-2021-42913)
The Samsung Printer SCX-6x55X Series SyncThru Web Service is affected by an improper access control vulnerability that can allow an attacker to obtain the list of SMB users and their passwords.
These multifunction printers, the Samsung SCX-6X55X in particular, let you scan documents and send the scanned files directly to a server over SMB, provided that the users have been registered beforehand. Users can only be registered or modified when logged in as administrator.
Even without authenticating, you can open an entry in the SMB server list and still obtain the clear text password by inspecting the page's source code.
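The flaw described above is a password field rendered into the HTML with its stored value pre-filled. As an added example, not the author's PoC, here is a defender-side audit that scans a page's source for that antipattern and reports the field and secret length without echoing the secret; the sample HTML is constructed, not captured from a device.

```python
"""Audit HTML source for credentials rendered into the markup.

Added example, not the advisory author's PoC: flags password fields
whose ``value`` attribute is pre-filled, the antipattern that let the
stored SMB password be read from the page source.
"""
from html.parser import HTMLParser


class PrefilledPasswordFinder(HTMLParser):
    """Collects <input> elements that carry a secret in their markup."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name", "")
        # Password inputs, plus any input whose name suggests a password
        # (catches hidden "old_password" copies of the same secret).
        is_secret = a.get("type", "").lower() == "password" or "pass" in name.lower()
        if is_secret and a.get("value"):
            # Report the field and the secret's length, never the secret.
            self.findings.append({"name": name or "<unnamed>",
                                  "value_length": len(a["value"])})


def find_prefilled_passwords(html):
    """Return one finding per input that exposes a stored credential."""
    parser = PrefilledPasswordFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample of an SMB server edit form; not captured from a device.
SAMPLE_HTML = """
<form action="/smb_server" method="post">
  <input type="text" name="smb_user" value="scanuser">
  <input type="password" name="smb_pass" value="S3cret!">
  <input type="password" name="smb_pass_confirm" value="">
  <input type="hidden" name="old_password" value="S3cret!">
</form>
"""

if __name__ == "__main__":
    for f in find_prefilled_passwords(SAMPLE_HTML):
        print(f"credential exposed in field {f['name']!r} ({f['value_length']} chars)")
```

Run it against saved copies of an admin UI fetched without a session cookie: any finding means a stored credential is being served to unauthenticated clients.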
In some scenarios, manually going through the inputs user by user will be impractical. Instead, the configuration of the SMB server entries can be downloaded (exported), with the credentials in plain text.
I made this simple code in Python, using the requests library, to perform the proof of concept. You can access it by clicking here.
The export output of the SMB entries will look like this.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42913