Printers are one of the most common devices in daily life which are considered rather common devices in our daily life. Their unique network location and functions determine that they are often used to process many confidential documents, making them attractive targets for APT groups. Once the printer is hacked, not only can the attacker enter the office network, but can even obtain and tamper with the confidential documents.
We took a deep dive into Kyocera printers, one of the major printer brands with annual sales of nearly a million units around the world. Through research on several printers of this brand, we have found multiple high-risk vulnerabilities, which can lead to remote Dos, arbitrary file reading, password leakage, and even pre-auth RCE in severe cases, and these vulnerabilities will affect almost all Kyocera devices.At the same time, because of the long life of printers, a large number of older devices are still in use at home or in the company, we have found that such devices also have a serious preauth-RCE vulnerability but it can not be repaired, creating a significant risk.
We will demonstrate these vulnerabilities which can preauth-rce to lead us to slip into office network and show how to monitor all files with printer native functions.