7 matches found
CVE-2023-23560
CVE-2023-23560 affects Lexmark printers and multifunction devices with a server-side request forgery (SSRF) flaw caused by insufficient input validation in the vulnerable web interface. Reports indicate this can lead to arbitrary code execution with system privileges on affected devices, based on...
CVE-2023-22960
CVE-2023-22960: Lexmark printer firmware prior to 2023-01-10 is affected by Improper Control of Interaction Frequency, enabling bypass of login brute-force protections. Connected sources indicate exploitation involves the Embedded Web Server interface; impact is limited to authentication bypass ...
CVE-2021-44738
CVE-2021-44738 is a buffer-overflow vulnerability in Lexmark devices' PostScript interpreter. Multiple sources (ZDI advisories and NVD) describe a write past the end of a buffer during PostScript data handling, enabling potential remote code execution on affected Lexmark printers (e.g., MC3224i) ...
CVE-2021-44734
CVE-2021-44734 affects Lexmark devices with an embedded web server input sanitization vulnerability that can lead to remote code execution. The issue is documented across multiple feeds (NVD, CVE lists, and vendor advisories) and is tied to Lexmark security alerts (e.g., CVE-2021-44734.pdf) and Z...
CVE-2021-44737
Lexmark PJL path traversal (CVE-2021-44737) affects Lexmark printers (via PJL command handling) and can overwrite internal configuration files. The root cause is improper filtering of resource/file paths allowing directory traversal. In the Tenable ZDI advisory, it is described as a remote-code-e...
CVE-2021-44735
CVE-2021-44735 is an embedded web server command injection vulnerability in Lexmark devices (through 2021-12-07). The linked advisories/coverage confirm a Lexmark embedded web service issue enabling command execution via the device's web interface. Multiple vendor/security sources reference this ...
CVE-2022-29850
Summary: CVE-2022-29850 affects Lexmark printers/products through 2022-04-27. An attacker who has already compromised an affected Lexmark device can use improper input validation to maintain persistence across reboots. Affected component: Lexmark printer product line (unspecified models) with vul...