My comment there was not about inherent vulnerability of the device, it more resembled social engineering to crack a system. You are well aware of what is necessary to detect and install printers, knowledge that I'm sure was hard won. The vast majority of people using computers with printers don't have a clue.rcrsn51 wrote:...
Concerning printers: A client, either Linux or Windows, does NOT need uPnP to set up a networked printer. For example, CUPS searches your network for open Port 9100s. A Windows installer may be looking for some proprietary port.
However, if you have a uPnp-capable printer that also enabled port forwarding on your router, then you have a potential problem.
When a particular model of printer, router, etc. is difficult to install people will enter a mode I call "superstitious behavior". "This never was a problem back in the days when we ran DOS, Win95..etc. I'll just disable all the new-fangled stuff where the documentation makes noise about security."
There is no telling what uninformed people will do under these circumstances, but there are, unfortunately, a few people out there who will check to find out if they have opened network vulnerabilities in the process.
There is also a great deal of bad advice posted on-line. Some small part of it may have been contributed by people with ulterior motives. That is why I recommend not allowing any information about your local set-up out on the Internet unless it is necessary for operation.
A search for vulnerabilities which would be impossibly tedious for a person is duck soup for a carefully programmed machine.
