Hey community!

Without being alarmist, I have serious concerns regarding the security of the remote access solution "QIDI Link". It is possible for an unauthenticated attacker to access a cloud connected printer over the internet. I strongly urge anyone who uses this service to read through the report and familiarise themselves with the risks.

https://github.com/snowdroppe/qidi-security-disclosure

This public disclosure follows a 90-day responsible disclosure with Qiditech regarding their 3d printers and online services. This is to provide them with the opportunity to remediate issues prior to this public disclosure.