ICSA-23-339-01  ·  Published 2023-12-05

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

CVSS 5.4 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication.

CVEs (1)

Remediations

  • Zebra printers running Link-OS v6.0 and later have a protected mode that protects the printer from this vulnerability. Activating this mode blocks unauthorized changes and locks the current configuration until an administrator authorizes updates. Protected mode is disabled by default because a password must be generated first.
  • For more information about the protected mode and to apply it to Zebra printer products that may be affected, see the Link-OS Printer Administration Guide.
  • NOTE: the ZT410 industrial printer was discontinued on Oct 1st, 2020. The service and support discontinuation dates are in September and December 2025 depending on region. Further information regarding security settings and best practices, including "Protected Mode", can be found in the references of the product.
  • NOTE: the GK420d desktop printer was discontinued on Jan 31, 2022. The service and support discontinuation date is April 30, 2025.
  • For more information on the product resources, see GK420d Desktop Printer Support Manual.
  • For more information on this vulnerability, see INCIBE-CERT's Security Advisory.

Affected Vendors

Zebra Technologies

Affected Products (2)

Zebra Technologies · ZTC Industrial ZT410 vers:all/*
Zebra Technologies · ZTC Desktop GK420d vers:all/*

Affected Sectors

Critical Manufacturing
