Dell 2335dn Password Disclosure

During a recent pentest, I encountered a Dell 2335dn printer which did not have any admin credentials set (the default). After authenticating with the username “admin” I began to poke around to see if there was an ldap server or smtp server configured that I could exploit (See: for some good info on printer exploitation)


What I found was much simpler than that. Right click and “view source” shows the configured smtp and (presumably) ldap credentials in plain-text. This device was running the following firmware versions, and I have not tested it with other versions, but I suspect that they are vulnerable as well.


  • Printer Firmware Version:
  • Engine Firmware Version:1.10.65
  • Network Firmware Version:V4.02.15(2335dn MFP) 11-22-2010


Dell 2335dn management interface

Dell 2335dn management interface


Dell 2335dn "view source"

Dell 2335dn “view-source”


Super-l33t hack, right? I mean, Taviso is probably jealous. Either way, I felt it was at least important to point out…another good reason to make sure your printer admin interfaces are secured.


I contacted Dell Vulnerability Research and provided the information to them. They indicated that this will not be remediated, since the 2335dn is end-of-support as of May 2018.



  • Initial contact to Dell Vulnerability Research: May 2, 2018
  • May 16th, 2018 Follow up from Dell: “Our engineering team is still assessing this and working the 3rd party suppliers who provide us the required updates.”
  • Follow up email to Dell: August 1, 2018
  • August 2, 2018 Follow up from Dell: “2335dn has End Of Support Life on May-2018. The replacement printer for the above would be B2375dnf (Falcon) or H815dw (Gyrfalcon C).”
  • Follow up email to Dell, advising them I would be posting this write up: August 21, 2018.


No further response from Dell. This has tentatively been assigned CVE-2018-15748.