The printers get it from treck (HP OfficeJet and LaserJet use it), which probably means that other clients of this TCP/IP stack will be vulnerable as well. Although I can't figure out why this feature should be "on-by-default" in treck, as most clients probably don't need it activated.
If it were off the UI designers would have to add it to the configuration system of the printer for that 0.1% of (corporate VIP) users who need it. That's something that seems to be a big ask for printer manufacturers. Even something like a SNMP MIB you can write to is a bridge too far.
