CVE-2021-44736 – Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-44736

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. El asistente de configuración inicial de la cuenta de administrador en los dispositivos Lexmark permite el acceso no autenticado a la funcionalidad "out of service erase" This vulnerability allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within URL handling. The issue results from the lack of proper restriction to a URL. An attacker can leverage this vulnerability to execute code in the context of root. • https://support.lexmark.com/alerts https://www.zerodayinitiative.com/advisories/ZDI-22-331 • CWE-287: Improper Authentication •