
CVSS: 6.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

31 May 2024 — A new feature to prevent firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `/usr/bin/hydra` service, which listens on TCP port 9100 by default. The issue results from the lack of proper validatio... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-354: Improper Validation of Integrity Check Value • CWE-1328: Security Version Number Mutable to Older Versions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens on TCP port 631 by default. The issue results from the ... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-122: Heap-based Buffer Overflow

CVSS: 10.0 • EPSS: 9% • CPEs: 31 • EXPL: 0

27 Jan 2016 — Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. • http://support.lexmark.com/index?page=content&id=TE745 • CWE-254: 7PK - Security Features • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Nov 2012 — The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. Samsung Printer firmware contains a backdoor administrator account. • http://www.kb.cert.org/vuls/id/281284 • CWE-264: Permissions, Privileges, and Access Controls