Any office printer is a network device with multiple exposed services. It often integrates with protocols such as LDAP, SMTP, SMB and FTP. When these services are configured in a basic or careless way, they can be exploited. The most common problems tend to repeat themselves across different environments. Default administrator credentials are often left unchanged, which means anyone who knows the vendor defaults can gain access. Open network ports such as IPP, LPD, RAW 9100, and SNMP expose interfaces that can be interacted with remotely. SNMP version 2 is still widely used with default community strings, which means read access to sensitive configuration data. In some cases, credentials are stored in clear text.
