In today’s random adventures, I was doing some port scanning & telneting around my home network (as one does in the late evening)
I poked and and discovered HP Printers have port 9100 open by default. I wonder what it can do. Let’s telent.
Turns out you can do some fun things with port 9100. Any raw text that type gets printed when you close the connection. Harmless Fun!
Well apparently there is a 10/10 severity CVE-2011-4161 out there for it that“allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update”.
Looks like Port 9100 (JetDirect / RAW printing) is a pretty legacy method for printing, and nothing realistically uses it… along with several others printing methods. HP has a whole list of Recommended security settings. It’s wild they ship this way.
So I went ahead, logged into the UI and turned off several of them:
- Google Cloud Print
- LPD
- SLP
- WiFi-Direct
- Web Services
- SMBv2
Modern printing (IPP / AirPrint) continues to work perfectly.
Security hardening my printer wasn’t on my bingo card, but here we are. Good fun!
