Home Network Community > Deco > Intrusion Prevention System blocking printer
< Deco

Intrusion Prevention System blocking printer

123

Intrusion Prevention System blocking printer

24 Reply
Re:Intrusion Prevention System blocking printer
Yesterday

  @mark213a 

@Dugguh 

 

Hi, thank you very much for the update.

Please refer to the following post:https://community.tp-link.com/en/home/forum/topic/846496

The latest news I have received is that the fixed patch will be updated in the next 2-3 days. It would be better to check next Monday.

Sorry for the inconvenience.

Best regards.

 

Check What's Currently Going on With DecoParental Control Upgrade on HomeCare ModelsDeco BE85 1.2.0 Enhanced Mesh Backhaul Stability and Device Roaming ExperienceDeco BE65/BE65 Pro 1.2.0 Enhanced Mesh Network Stability and System SecurityDeco BE75 1.1.0 Added WireGuard VPN, Manual Channel Selection and More Try to leave a Message if urgent help is required.
  0  
  0  
#22
Options
Re:Intrusion Prevention System blocking printer
Yesterday

  @David-TP Thanks David for the update and link. Will try to re-test next week both services on the NAS and Printer - these are the ones I am pending the patch

 

SNMP(CVE-2002-0013) A fixed patch will be updated in the cloud database soon
CVE-technet.microsoft.com/en-us/secuOS-WINDOWS_Microsoft_Windows_TCP_print_sevice_overflow-attempt
CVE-tools.cisco.com/security/cernter/protocol-SNMP_public_access_upd
CVE-2017-7285
OS-LINUX_Linux-Kernel_Challenge_ACK_provocation_attempt
  0  
  0  
#23
Options
Re:Intrusion Prevention System blocking printer
10 hours ago
Patch released. Initial testing looks good. Rebooted Deco and tested. No firewall logs and no quarantine happening. Also NAS tests are passing too. Will monitor for next few days.
  1  
  1  
#24
Options
Re:Intrusion Prevention System blocking printer
8 hours ago

@David-TP 

 

I've reported on this in an another thread. However as this thread seem to be specific for this SNMP Protocol block issue, I'll add my findings here.

I want to mention its not only the Epson printer, software affected - HP in this household.

 

This is related to ticket: TKID251055426

And a log file has been sent with another ticket TKID251062808 after the event described below. (Maybe merge the two tickets and go with the first)

 

We are using a HP printer and their software "HP Smart"

  • Installed on a HP Laptop Windows 11, Both HP Smart app and a windows print setup
  • Installed on a Mac with both app HP Smart and macOS print from installed HP drivers
  • Installed on an iPhone HP Smart app
  • Installed on an Pixel Google Android

 

Below note of the block + description of disruption.

 

So far only this seem to be related to the HP Laptop. All four times it has been used, it has caused problems. Did run searches of malware and more and did not find any. Also followed other recommendation to look for possible threats but no success.  I've looked for any Cisco software and tools in the HP Laptop but non are installed. Only on my Mac is the Webex app and browser plugin. However this only happens when the HP is used and in relation to this Block event. No printing was done or started when the block was triggered.

 

Firmware

Event

Note

1.9.1 Build 20251020 Rel 38717

BLOCK 1

Attack from: 192.168.0.10 (HP Laptop)

October 31st 11:28 AM 

PROTOCOL-SNMP_public_access_udp
(CVE-tools.cisco.com/security/center/
PROTOCOL-SNMP_public_access_udp)

1.9.1 Build 20251020 Rel 38717

BLOCK 2

Attack from:192.168.0.10 (HP Laptop)

October 31st 11:28 AM 

 PROTOCOL-SNMP_request_udp
(CVE-2002-0013)

 

Description of disruption

Note Unit/s Description
1 HP Laptop

All four events triggered when this Laptop have been starting up and used. It's obvious. No printer service was triggered or used. I have been scanning it for malware and virus. I suspect the HP smart app and or Windows process.

During/after the block event its not reaching any external websites. Can reach some internal clients as the Home Assistant server web UI. External ones seems blocked. Can ping several internal clients but not open any of the web UI's on the Support Server (in Linux).
2 Mac MacOS Can ping some other clients but cant reach external websites. After restart I can browse websites as normal.
2

Random devices

clients

Google TV can not connect to steaming services. Android phone gets blocked from browsing the web as normal.

A PlayStation continues to operate as normal, no impact.

The support server cannot operate as normal, either internally or externally. I tried to ping it from my Mac and I could reach it, however could not get to the UIs on the docker containers or any of the applications running. Functions and ALL communications between the Home Assistant and the Support server stopped (log indicates the timestamp of the block above).
3 Router and App Can open the app, however it says the Router is not reachable. Says its offline. 
4 Access Points Still green light is on all the APs. All units are greyed out in the app.

 

New Firmware 1.9.1 Build 20250926 Rel. 53742 is loaded at 31st October around 6pm (GMT/UTC +1) I will test to

 

 

************************************************************ UTC + 1 GMT + 1 Zone M5 * 6 units with IoT setup. Both wired and wireless backhaul.
  0  
  0  
#25
Options
123
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.