
CVE-2023-50738 – A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50738
31 May 2024 — A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `/usr/bin/hydra` service, which listens on TCP port 9100 by default. The issue results from the lack of proper validatio... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-354: Improper Validation of Integrity Check Value CWE-1328: Security Version Number Mutable to Older Versions •

CVE-2023-50739 – A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50739
26 Apr 2024 — A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens on TCP port 631 by default. The issue results from the ... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-122: Heap-based Buffer Overflow •

CVE-2016-3145
https://notcve.org/view.php?id=CVE-2016-3145
22 Apr 2016 — Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. • http://support.lexmark.com/index?page=content&id=TE760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-1896
https://notcve.org/view.php?id=CVE-2016-1896
27 Jan 2016 — Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. • http://support.lexmark.com/index?page=content&id=TE745 • CWE-254: 7PK - Security Features CWE-264: Permissions, Privileges, and Access Controls •