OTPulse

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Monitor | CVSS 5.4 | ICS-CERT ICSA-23-339-01 | Dec 5, 2023
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Zebra ZTC Industrial ZT410 and ZTC Desktop GK420d printers contain a vulnerability (CWE-288) that allows an attacker to send specially crafted network packets to change printer credentials and administrative settings without any prior authentication. The vulnerability requires network access to the printer but no credentials. Both products are discontinued: the ZT410 (discontinued Oct 1, 2020) loses support in Sept–Dec 2025, and the GK420d (discontinued Jan 31, 2022) loses support Apr 30, 2025. Zebra printers running Link-OS v6.0 and later can be protected by enabling Protected Mode, which locks configuration changes until an administrator authorizes updates. For affected ZT410 and GK420d units, network segmentation and access controls are recommended until replacement.

What this means
What could happen
An attacker on the same network segment could change printer credentials and access controls without authentication, allowing unauthorized configuration changes or credential compromise. This could disrupt print operations or allow attackers to persist in network printing infrastructure.
Who's at risk
Manufacturing facilities, warehouses, and logistics operations that rely on Zebra ZT410 industrial or GK420d desktop printers for barcode labeling, shipping documentation, or inventory tracking. Anyone whose operations depend on the integrity and availability of printer access controls.
How it could be exploited
An attacker with network access to the printer (same subnet or VLAN) sends specially crafted packets directly to the printer's network interface. No authentication or credentials are required—the printer accepts the packets and alters its stored credentials or administrative settings.
Prerequisites
  • Network access to the printer on the same subnet (AV:A)
  • No authentication credentials required
  • Ability to craft and send network packets to the printer's management port
  • No authentication required
  • Low complexity attack
  • Remotely exploitable from adjacent network segment (AV:A)
  • Both affected products are end-of-life with no patch available
  • Affects critical operational infrastructure (industrial and desktop printers)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
ZTC Industrial ZT410: vers:all/* | All versions | No fix (EOL)
ZTC Desktop GK420d: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Enable Protected Mode on all Zebra Link-OS v6.0 or later printers if available in your environment. This disables credential changes until an administrator authorizes updates.
HARDENING: For ZT410 and GK420d printers still in use (both discontinued), apply network segmentation: isolate printer subnets and restrict access to printer management interfaces to authorized administrator workstations only.
WORKAROUND: Create a firewall rule blocking unauthorized IP addresses from reaching the printer's network management port.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ZTC Industrial ZT410: vers:all/*, ZTC Desktop GK420d: vers:all/*. Apply the following compensating controls:
HARDENING: Plan replacement of ZT410 (support ends Sept–Dec 2025) and GK420d (support ends Apr 30, 2025) printers with current Link-OS v6.0+ models or equivalent supported devices.