
NetPuzz: Testing Network Printers via Fully Black-Box and Feedback-Guided Protocol Fuzzing

  • Jia Ju Bai
  • Rui Nan Hu
  • Cheng Li
  • Jianjun Chen
  • Rui Chen
  • Zhenyu Guan*
  • *Corresponding author for this work
  • Beihang University
  • Tsinghua University
  • CAS - Beijing Institute of Control Engineering

Research output: Contribution to journal, Article, peer-reviewed

Abstract

Network printers have been widely utilized to print various materials, but they still have security risks, caused by vulnerabilities that can be exploited for malicious attacks. Fuzzing is a popular testing technique that has found many vulnerabilities in various scenarios. However, existing fuzzing approaches are limited in network printer testing, due to important difficulties including unavailable source code of printer firmware, ineffective input generation, etc. In this paper, we design NetPuzz, a feedback-guided fuzzing framework for network printers that performs automated vulnerability detection. It performs fully black-box testing of network printing protocols, without requiring source code, reverse engineering or virtual execution of printer firmware. To achieve good vulnerability-detection results, NetPuzz utilizes two key techniques: (1) a sequence-tree-based fuzzing approach that generates effective input-packet sequences based on sequence tree mutation and printer response sequence guidance; (2) a bisection-based strategy that extracts minimal PoC sequences from the original input-packet sequences triggering vulnerabilities. We use NetPuzz to test seven commercial network printers, and it finds 25 new and unique vulnerabilities, 23 of which have been assigned CVE/CNVD IDs.
