Service:
jetdirect
Protocol:
TCPPort:
9100Used for:
Network printing and system metrics collectionWhy It’s Open
Port 9100 is used by JetDirect/AppSocket printing, a raw TCP printing protocol commonly exposed by network printers and print servers. It allows clients to send print jobs directly to the device without additional protocol negotiation.
This port is often open on office printers, MFPs, and embedded print appliances. It may also appear in environments that collect printer telemetry and queue metrics from centrally managed print infrastructure.
Common Risks
- Unauthenticated Print Submission
Attackers can submit arbitrary print jobs if access is not restricted. - Printer Abuse and Spam
Exposed devices can be flooded with junk jobs, causing business disruption. - Data Leakage via Print Jobs
Sensitive documents and metadata may be exposed through misconfigured queues. - PJL/Device Command Abuse
Some printers accept Printer Job Language (PJL) commands that can reveal config or alter settings. - Lateral Movement Risk
Compromised or exposed printers can become footholds in internal networks.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Basic port scan:
nmap -sV -p 9100JetDirect service fingerprinting:
nmap --script pjl-ready-message -p 9100Manual connection test:
nc -v 9100Banner/service probe:
printf "@PJL INFO STATUS\r\n" | nc 9100What to Look For
| Checkpoint | What it means |
|---|---|
| Port 9100 exposed externally | Printer is reachable from untrusted networks |
| Accepts raw jobs without auth | Anyone can submit or abuse print jobs |
| PJL responses exposed | Device details and configuration may leak |
| Legacy firmware/version data | Known printer vulnerabilities may apply |
| High unaudited print volume | Potential abuse, spam, or exfiltration attempts |
Mitigation
- Restrict Network Access
Allow port 9100 only from approved print servers or trusted subnets. - Disable Raw Printing if Unneeded
Prefer controlled printing protocols where possible (for example IPP with auth/TLS). - Harden Printer Configuration
Disable unused services and require authentication for admin functions. - Firmware and Patch Management
Keep printer firmware up to date to reduce exploit exposure. - Segmentation
Place printers in isolated VLANs with limited east-west access. - Monitoring
Log and alert on unusual print volume, unknown clients, and PJL command activity.
TL;DR
- Port 9100 = JetDirect raw printing
- Often unauthenticated by default
- Can be abused for spam/DoS/data leakage
- Restrict to trusted hosts only
- Keep firmware updated and monitor usage
Known CVEs and Exploits
- CVE-2023-27350 – PaperCut MF/NG RCE that can impact print infrastructure.
- CVE-2021-39237 – PrinterLogic Web Stack vulnerability affecting centralized print management.
- CVE-2017-2750 – HP printer PJL directory traversal / information disclosure.
- CVE-2021-3438 – Printing subsystem vulnerability relevant to enterprise print environments.