The bigger concern is that infections can spread. Even if the printer isn’t accessible via WAN, something on the network will be. So if something else gets infected, it will be able to spread to the printer via LAN. Unless it’s the only thing on the network, LAN-only won’t fully protect it from infection.
And once it’s infected, you have a rogue device on your network. It can use things like UPnP to access the WAN, turning it into a node for someone’s botnet.
Set some firewall rules. The printer doesn’t need to be able to make any outbound connections. It only needs inbound connections on a few ports to work.
I feel like you glossed over the “you have a rogue device on your network” side of things. Even if it can’t reach the internet directly, it will still quietly sit there and try to infect every other device on your network.
If you’re not in the habit of updating your firmware, (and in this case, you’re actively defeating firmware updates), that infection can quickly snowball.
The bigger concern is that infections can spread. Even if the printer isn’t accessible via WAN, something on the network will be. So if something else gets infected, it will be able to spread to the printer via LAN. Unless it’s the only thing on the network, LAN-only won’t fully protect it from infection.
And once it’s infected, you have a rogue device on your network. It can use things like UPnP to access the WAN, turning it into a node for someone’s botnet.
Set some firewall rules. The printer doesn’t need to be able to make any outbound connections. It only needs inbound connections on a few ports to work.
I feel like you glossed over the “you have a rogue device on your network” side of things. Even if it can’t reach the internet directly, it will still quietly sit there and try to infect every other device on your network.
If you’re not in the habit of updating your firmware, (and in this case, you’re actively defeating firmware updates), that infection can quickly snowball.