Saturday, May 24, 2025

Millions of Printers Worldwide Vulnerable To The 16-Year-Old Bug


Cybersecurity analysts have recently discovered a vulnerability in a common printer driver used by major manufacturers like HP, Xerox, and Samsung.

The issue was reported by security researchers at SentinelOne, and the vulnerability is tracked under the following CVE ID:

  • CVE-2021-3438

They state that the flaw has been hidden since 2005, that is, for 16 years, in a common printer driver used by major global brands like HP, Xerox, and Samsung.


It seems that the printer-related problems surfacing in 2021 are far more dangerous and quite unexpected.

Flaw profile

  • CVE ID: CVE-2021-3438
  • Bug Summary: It is a buffer overflow vulnerability.
  • CVSS: 8.8
  • Severity: High

Severe Vulnerability

The cybersecurity experts have also affirmed that CVE-2021-3438 is a buffer overflow vulnerability in the printer driver file SSPORT.SYS.

CVE-2021-3438 has existed since 2005, which is why it affects hundreds of millions of devices and users worldwide. By exploiting this flaw, an attacker can gain elevated privileges on the affected system.

The experts explained that the vulnerable driver is installed automatically with the printer software, and after installation it is loaded every time Windows restarts.

This routine mechanism makes the bug more readily exploitable, because an attacker can target a vulnerable machine even when the printer is not connected to it.

All of this could let an attacker take complete control of the affected computer. The experts concluded that taking advantage of the vulnerability in the driver was not very difficult and did not require user intervention.

If an attacker manages to gain basic permissions, those can be escalated to SYSTEM, which even allows the attacker to run code in the kernel. This in turn lets the attacker evade security tools and the security mechanisms of the OS.

After successful exploitation, an attacker will be able to:

  • Install programs
  • View programs and files
  • Change programs
  • Encrypt programs and files
  • Delete data
  • Create new users with admin permissions 

Affected Devices

More than 380 different HP and Samsung printers and 12 Xerox devices are affected by this flaw.

Affected HP and Samsung devices (full list).

Affected Xerox devices:

  • Xerox B205
  • Xerox B210
  • Xerox B215
  • Phaser 3020
  • Phaser 3052
  • Phaser 3260
  • Phaser 3320
  • WorkCentre 3025
  • WorkCentre 3215
  • WorkCentre 3225
  • WorkCentre 3315
  • WorkCentre 3325

Remediation

After the discovery of the PrintNightmare vulnerability, several cybersecurity researchers were alerted and decided to take a closer look at Windows printing APIs; as a result, they ended up finding more vulnerabilities.

However, this vulnerability has now been fixed, and the security researchers have strongly urged both enterprises and consumers to apply the security patch immediately from the manufacturer’s website.
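Because the driver is installed with the printer software and loaded at every restart, a host can carry SSPORT.SYS without anyone remembering that a printer was ever set up. The following read-only inventory is an added example, not code from SentinelOne or the vendors; it assumes the driver is matched by file name only and that the usual Windows driver directories are searched, and since the article gives no fixed version number its output is meant to be compared with the manufacturer's advisory.

```powershell
# Added example: inventory SSPORT.SYS on a Windows host (read-only; run elevated).
# Assumption: matching is by file name only. The article gives no patched version,
# so compare the reported version and hash with the manufacturer's advisory.
$driverName = 'ssport.sys'

# 1. Kernel driver services whose image path ends in \ssport.sys.
#    StartMode shows whether the driver is loaded automatically at boot.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and $_.PathName -like "*\$driverName" }

# 2. Copies on disk: the live drivers directory and the driver store,
#    where a staged package can survive removal of the printer software.
$roots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)
$files = Get-ChildItem -Path $roots -Filter $driverName -File -Recurse `
    -ErrorAction SilentlyContinue

# 3. Per-file details needed to tell an old build from a patched one.
$fileReport = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path        = $f.FullName
        FileVersion = $f.VersionInfo.FileVersion
        LastWrite   = $f.LastWriteTimeUtc
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
}

if (-not $services -and -not $fileReport) {
    Write-Output "No $driverName found on $env:COMPUTERNAME"
} else {
    # A service in state 'Running' means the driver is loaded right now,
    # whether or not a printer is attached.
    $services | Select-Object Name, State, StartMode, PathName |
        Format-Table -AutoSize
    $fileReport | Format-List
}
```

Run it again after applying the manufacturer's patch: the file version and hash should change, or the file should be gone.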


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
