CVSS: 10.0EPSS: 2%CPEs: 472EXPL: 0CVE-2021-44734 – Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44734
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. Una vulnerabilidad en el saneo de entradas del servidor web integrado en los dispositivos Lexmark versiones hasta 07-12-2021, que puede conllevar a una ejecución de código remota en el dispositivo This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of a user-supplied string before using it to write to a configuration file. An attacker can leverage this vulnerability to execute code in the context of the www-data user. • https://support.lexmark.com/alerts https://www.zerodayinitiative.com/advisories/ZDI-22-332 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 472EXPL: 0CVE-2021-44737 – Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44737
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. Una vulnerabilidad de salto de directorios PJL en dispositivos Lexmark versiones hasta 07-12-2021 que puede ser aprovechada para sobrescribir archivos de configuración internos This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of PJL commands. The issue results from an exposed danagerous function, which can allow the creation of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of root. • https://support.lexmark.com/alerts https://www.zerodayinitiative.com/advisories/ZDI-22-333 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 5%CPEs: 472EXPL: 0CVE-2021-44738 – Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44738
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. Se ha identificado una vulnerabilidad de desbordamiento del búfer en los dispositivos Lexmark versiones hasta 07-12-2021, en el intérprete de postscript This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. Crafted PostScript data can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://support.lexmark.com/alerts https://www.zerodayinitiative.com/advisories/ZDI-22-327 https://www.zerodayinitiative.com/advisories/ZDI-22-328 https://www.zerodayinitiative.com/advisories/ZDI-22-382 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 160EXPL: 0CVE-2020-10093
https://notcve.org/view.php?id=CVE-2020-10093
A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products. Una vulnerabilidad de tipo cross-site scripting (XSS) en la impresora inkjet de la serie Lexmark Pro910 y otros productos discontinuados. • http://support.lexmark.com/index?page=content&id=TE936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 160EXPL: 0CVE-2020-10094
https://notcve.org/view.php?id=CVE-2020-10094
A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier. Una vulnerabilidad de tipo cross-site scripting (XSS) en Lexmark CS31x versiones anteriores a LW74.VYL.P273; CS41x versiones anteriores a LW74.VY2.P273; CS51x versiones anteriores a LW74.VY4.P273; CX310 versiones anteriores a LW74.GM2.P273; CX410 & XC2130 versiones anteriores a LW74.GM4.P273; CX510 & XC2132 versiones anteriores a LW74.GM7.P273; MS310, MS312, MS317 versiones anteriores a LW74.PRL.P273; MS410, M1140 versiones anteriores a LW74.PRL.P273; MS315, MS415, MS417 versiones anteriores a LW74.TL2.P273; MS51x, MS610dn, MS617 versiones anteriores a LW74.PR2.P273; M1145, M3150dn versiones anteriores a LW74.PR2.P273; MS610de, M3150 versiones anteriores a LW74.PR4.P273; MS71x, M5163dn versiones anteriores a LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 versiones anteriores a LW74.DN2.P273; MS810de, M5155, M5163 versiones anteriores a LW74.DN4.P273; MS812de, M5170 versiones anteriores a LW74.DN7.P273; MS91x versiones anteriores a LW74.SA.P273; MX31x, XM1135 versiones anteriores a LW74.SB2.P273; MX410, MX510 & MX511 versiones anteriores a LW74.SB4.P273; XM1140, XM1145 versiones anteriores a LW74.SB4.P273; MX610 & MX611 versiones anteriores a LW74.SB7.P273; XM3150 versiones anteriores a LW74.SB7.P273; MX71x, MX81x versiones anteriores a LW74.TU.P273; XM51xx & XM71xx versiones anteriores a LW74.TU.P273; MX91x & XM91x versiones anteriores a LW74.MG.P273; MX6500e versiones anteriores a LW74.JD.P273; C746 versiones anteriores a LHS60.CM2.P738; C748, CS748 versiones anteriores a LHS60.CM4.P738; C792, CS796 versiones anteriores a LHS60.HC.P738; C925 versiones anteriores a LHS60.HV.P738; C950 versiones anteriores a LHS60.TP.P738; X548 & XS548 versiones anteriores a LHS60.VK.P738; X74x & XS748 versiones anteriores a LHS60.NY.P738; X792 & XS79x versiones anteriores a LHS60.MR.P738; X925 & XS925 versiones anteriores a LHS60.HK.P738; X95x & XS95x versiones anteriores a LHS60.TQ.P738; 6500e versiones anteriores a LHS60.JR.P738; C734 versiones LR.SK.P824 y anteriores; C736 versiones LR.SKE.P824 y anteriores; E46x versiones LR.LBH.P824 y anteriores; T65x versiones LR.JP.P824 y anteriores; X46x versiones LR.BS.P824 y anteriores; X65x versiones LR.MN.P824 y anteriores; X73x versiones LR.FL.P824 y anteriores; W850 versiones LP.JB.P823 y anteriores; y versiones X86x LP.SP.P823 y anteriores. • http://support.lexmark.com/index?page=content&id=TE936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •