




NEUROCOM: Nashuatec D445/435 vulnerabilities updated









=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

   Date: Tue, 16 Nov 1999  21:27:21
   From: gregory duchemin <veille@NEUROCOM.COM>
     To: BUGTRAQ@SECURITYFOCUS.COM
Subject: NEUROCOM: Nashuatec D445/435 vulnerabilities updated
--------------------------------------------------------------------------------



Hi,

my last message concerning three common vulnerabilities on Nashuatec printers model D445 is also available for the D435 series.

These two models of printers are vulnerable to:

1- ftp bounce attack
2- adm web server cgi buffer overflow ( eg: reset )
3- (icmp redirect storm) denial of service attack

now a little update (about the two series):

4- By default, a "guest" account (password guest) allows everybody to authenticate himself to the telnet service. That's not exactly what we should call a security hole since everybody can connect to the web server with exactly the same privilege and without any needed authentication.

5- the telnetd daemon no longer listens on its port after only one syn stealth scan (try nmap "-sS" option). This behavior suggests that this version of telnetd is unable to manage simultaneous connection requests resulting in a possible denial of service attack.

Have a nice day



******************

Gregory Duchemin
Security & networks Engineer

Email: veille@securite-internet.com
http://www.securite-internet.com

