BleepingComputer reports that new firmware has been released by Chinese consumer 3D printer manufacturer AnyCubic to resolve an actively exploited critical zero-day vulnerability impacting its Kobra 2 Pro, Plus, and Max printers.
Intrusions leveraging the flaw to compromise AnyCubic's MQTT service API permissions were purportedly conducted by security researchers to warn 3D printer users regarding the existence of a significant security issue, with the researchers alleging that AnyCubic had ignored three separate emails regarding the bug during the past two months. On the other hand, AnyCubic emphasized its "swift action" in responding to the vulnerability with the newly released firmware, which bolsters its MQTT server's security verification and authorization/permission management processes. Additional updates, including network segmentation adoption and regular system, software, and MQTT server audits and updates, are poised to be integrated into succeeding firmware updates, the first of which is expected on Wednesday, according to AnyCubic.