CVE-2021-42913

7.5 HIGH

📋 TL;DR

This vulnerability in Samsung SCX-6x55X printers allows unauthenticated attackers to access SMB user credentials stored in cleartext by viewing HTML source code through the SyncThru Web Service. It affects organizations using these printers with SMB file sharing enabled. No authentication is required to exploit this weakness.

💻 Affected Systems

Products:
  • Samsung SCX-6x55X series printers
Versions: All versions prior to patched firmware
Operating Systems: Printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects printers with SyncThru Web Service enabled and SMB file sharing configured.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to SMB credentials, potentially leading to lateral movement within the network, data exfiltration, or ransomware deployment across connected systems.

🟠 Likely Case

Attackers harvest SMB credentials to access shared network resources, potentially compromising sensitive documents and files accessible via those credentials.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the printer itself and isolated network segments.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to the printer's web interface; no special tools are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Samsung security advisory for specific firmware versions

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb

Restart Required: Yes

Instructions:

1. Access printer web interface
2. Navigate to firmware update section
3. Download latest firmware from Samsung
4. Upload and install firmware
5. Reboot printer

🔧 Temporary Workarounds

Disable SyncThru Web Service

all

Turn off the vulnerable web service interface

Access printer web interface > Settings > Network > Web Service > Disable

Disable SMB file sharing

all

Remove SMB configuration to eliminate credential exposure

Access printer web interface > Settings > Network > File Sharing > Disable SMB

🧯 If You Can't Patch

  • Segment printers away from critical systems using VLANs or firewall rules
  • Implement strict network access controls to limit printer web interface access to authorized IPs only

🔍 How to Verify

Check if Vulnerable:

Access the printer web interface, view the page source, and search for SMB credentials in the HTML

Check Version:

Access printer web interface > Settings > System > Firmware Version

Verify Fix Applied:

After patching, attempt to access HTML source and verify SMB credentials are no longer exposed
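The before/after check described above can be run over a saved copy of the page source. The following is an added example, not vendor code or code from this page; the sample HTML and field names are constructed placeholders, since the page does not show the SyncThru markup. It reports field names and value lengths only, so the output can go into a ticket without repeating the credential.

```python
from html.parser import HTMLParser

# Constructed sample pages. The real SyncThru markup is not shown on this
# page, so the form and field names below are placeholders.
VULNERABLE_PAGE = """<form>
  <input type="text" name="smbUser" value="scanuser">
  <input type="password" name="smbPassword" value="constructed-secret">
</form>"""
PATCHED_PAGE = """<form>
  <input type="text" name="smbUser" value="scanuser">
  <input type="password" name="smbPassword" value="">
</form>"""

NAME_HINTS = ("pass", "pwd", "secret")  # assumed naming patterns


class PrefilledSecretFinder(HTMLParser):
    """Collects <input> elements whose secret value is present in the HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        value = a.get("value", "")
        # Empty values and pure mask placeholders ("****") expose nothing.
        if not value.strip("*\u2022 "):
            return
        name = a.get("name") or a.get("id", "")
        kind = a.get("type", "text").lower()
        # type="password" only masks the rendered field; hidden or text
        # inputs with password-like names leak the same way.
        if kind == "password" or any(h in name.lower() for h in NAME_HINTS):
            # Record length only, so the report itself holds no credential.
            self.findings.append(
                {"field": name, "type": kind, "value_length": len(value)})


def find_prefilled_secrets(html):
    """Return one finding per input that ships a secret to the client."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, page in (("before", VULNERABLE_PAGE), ("after", PATCHED_PAGE)):
        print(label, find_prefilled_secrets(page) or "no prefilled secrets")
```

An empty result on the patched page, against a non-empty result on the same page saved before the update, is the evidence that the fix took effect.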

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts to printer web interface
  • Unusual access patterns to printer web pages

Network Indicators:

  • HTTP requests to printer web interface from unauthorized IPs
  • Traffic patterns suggesting credential harvesting

SIEM Query:

source="printer_web_logs" AND (url="*view-source*" OR status=200) AND user_agent="*browser*"
