936 matches found
CVE-2021-44735
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07...
CVE-2021-44737
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files...
CVE-2021-44737
Lexmark PJL path traversal (CVE-2021-44737) affects Lexmark printers (via PJL command handling) and can overwrite internal configuration files. The root cause is improper filtering of resource/file paths allowing directory traversal. In the Tenable ZDI advisory, it is described as a remote-code-e...
CVE-2021-44738
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter...
CVE-2021-44738
CVE-2021-44738 is a buffer-overflow vulnerability in Lexmark devices’ PostScript interpreter. Multiple sources (ZDI advisories and NVD) describe a write past the end of a buffer during PostScript data handling, enabling potential remote code execution on affected Lexmark printers (e.g., MC3224i) ...
Lexmark Authorization Issue Vulnerability
Lexmark is a family of printers in the United States. An authorization issue vulnerability exists in Lexmark devices, which arises from the product's initial administrative account setup wizard allowing an unauthenticated user's access to the out-of-service erase function...
PT-2022-12213 · Lexmark · Lexmark Devices
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified). Description: The issue is related to an embedded web server command injection vulnerability. This vulnerability was identified in Lexmark devices through 2021-12-07. There is no information...
Lexmark Security Vulnerability
Lexmark is a series of printers in the U.S. Lexmark is vulnerable to a buffer overflow vulnerability that exists due to a boundary error when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...
Lexmark Path Traversal Vulnerability
Lexmark is a family of printers in the U.S. A path traversal vulnerability exists in Lexmark devices, which stems from the product's failure to properly filter special elements in resource or file paths. An attacker could access the PJL directory through this vulnerability and could override...
Lexmark Command Injection Vulnerability
Lexmark is a series of printers in the U.S. A command injection vulnerability exists in Lexmark, which stems from the failure of a network system or product to properly filter special characters, commands, etc. during the execution of commands entered by a user into the construct. An attacker cou...
Lexmark Code Injection Vulnerability
Lexmark is a series of printers in the U.S. A security vulnerability exists in Lexmark, which stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker could exploit the vulnerability to generate an...
PT-2022-12212 · Lexmark · Lexmark Devices
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified). Description: The issue is related to an embedded web server input sanitization vulnerability in Lexmark devices, which can lead to remote code execution on the device. Recommendations: At the...
PT-2022-12214 · Lexmark · Lexmark Devices
Name of the Vulnerable Software and Affected Versions: Lexmark devices (affected versions not specified). Description: The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the "out of service erase" feature. This issue may be related to an unprotected API,...
partner.lexmark.com Open Redirect vulnerability OBB-2147916
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Metasploit Wrap-Up
Print Driver PrivEsc If you attended DEF CON last week, you may have seen this talk on print driver vulnerabilities from Metasploit community contributor Jacob Baines. In the spirit of Friday the 13th, we're highlighting some of these "print nightmares" again, in the form of two new Metasploit...
Lexmark Driver Privilege Escalation
Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\Universal Color Laser.gdl to replace the DLL path to unires.dll with a...
Lexmark Driver Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Driver Privilege Escalation', 'Description' = %q Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileg...
Fixed vulnerabilities in the Lexmark Universal Printer Driver
Lexmark has fixed vulnerabilities in the Universal Printer Driver. A local malicious person with rights to install/activate new printers could exploit the vulnerabilities to execute arbitrary code with SYSTEM privileges. Lexmark has released updates to fix the...
CVE-2021-35449
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low-privileged user can use the driver to execute a DLL of their choosing durin...