CVE-2023-49963
📋 TL;DR
DYMO LabelWriter Print Server versions through 2.366 contain a hard-coded backdoor password that allows authentication bypass. Attackers can exploit this to gain administrative control of the print server. Organizations using DYMO LabelWriter Print Server versions up to 2.366 are affected.
💻 Affected Systems
- DYMO LabelWriter Print Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the print server allowing attackers to execute arbitrary code, intercept print jobs, or use the server as a pivot point into the network.
Likely Case
Unauthorized administrative access to the print server enabling configuration changes, print job manipulation, and potential data exfiltration.
If Mitigated
Limited impact if print server is isolated from critical systems and monitored for unauthorized access attempts.
🎯 Exploit Status
Exploitation requires network access to the print server but uses simple authentication bypass with known credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.367 or later
Vendor Advisory: https://www.dymo.com/support
Restart Required: Yes
Instructions:
1. Download latest version from DYMO website. 2. Uninstall current version. 3. Install updated version. 4. Restart system.
🔧 Temporary Workarounds
Network Isolation
allRestrict network access to the print server using firewall rules
Disable Service
windowsTemporarily disable DYMO Print Server service until patched
sc stop "DYMO Print Server"
sc config "DYMO Print Server" start= disabled
🧯 If You Can't Patch
- Isolate the print server on a separate VLAN with strict firewall rules
- Implement network monitoring for authentication attempts to the print server
🔍 How to Verify
Check if Vulnerable:
Check DYMO Print Server version in application or via Windows Programs and FeaturesCheck Version:
On Windows: wmic product where name="DYMO Print Server" get versionVerify Fix Applied:
Verify version is 2.367 or later in application settings📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful login
- Unusual administrative configuration changes
Network Indicators:
- Unexpected connections to DYMO Print Server port (typically 41951)
- Authentication attempts using known backdoor credentials
SIEM Query:
source="DYMO Print Server" AND (event_type="authentication" AND result="success")