Lexmark Device Embedded Web Server Remote Code Execution Exploit
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. I...
Lexmark Device Embedded Web Server Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Device Embedded Web Server RCE', 'Description' = %q A unauthenticated Remote Code Execution vulnerability exists in the embedded webserve...
CVE-2023-40239
Certain Lexmark devices such as CS310 before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 or higher is required to...
Design/Logic Flaw
Certain Lexmark devices such as CS310 before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 or higher is required to...
PT-2023-27344 · Lexmark · Lexmark
Name of the Vulnerable Software and Affected Versions: Lexmark device versions prior to LW80.*.P246 Description: The issue allows XXE attacks, leading to information disclosure. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-wor...
Lexmark Code Issue Vulnerability
Lexmark is a series of printers in the United States. A security vulnerability exists in versions of Lexmark devices prior to 2023-08-25, which stems from allowing XML External Entity (XXE) attacks that can lead to information disclosure...
CVE-2023-40239
Vulnerability: CVE-2023-40239 affects Lexmark devices (e.g., CS310) prior to 2023-08-25, enabling XML External Entity (XXE) attacks that can disclose information. Root cause / impact: XXE processing flaw in affected firmware leading to information disclosure; no exploit details provided in the do...
Exploit for Improper Input Validation in Lexmark Cxtpc_Firmware
CVE-2023-34362 POCs for credential dumping, reverse shells, an...
A vulnerability in the pagemaker firmware for Lexmark multifunction devices allows an attacker to execute arbitrary code.
The vulnerability in the pagemaker firmware for Lexmark multifunction devices is caused by access to a resource using an incompatible type during parameter processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
(Pwn2Own) Lexmark MC3224i putinterval Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the PostScript putinterval command. The issue...
(Pwn2Own) Lexmark MC3224i lbtraceapp _WriteTarFile Command Injection Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark MC3224i printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Lexmark MC3224i pagemaker NAME Type Confusion Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemaker service. When parsing the NAME element, the process doe...
(Pwn2Own) Lexmark MC3224i pagemark Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pagemark service. The issue results from the lack of proper...
(Pwn2Own) Lexmark MC3224i putinterval Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putinterval method. The issue results from the lack of proper...
(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fax_change_faxtrace_settings script. The issue results from the lack...
CVE-2023-26064
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write...