MidnightBSD

Advisories for lexmark

CVE-2001-0044 HIGH

Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lexmark markvision 4.3
CVE-2004-0740 MEDIUM

The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lexmark t522_network_printer *
CVE-2006-0577 HIGH

Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lexmark x1185 *
CVE-2006-0592 HIGH

Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lexmark printer_sharing 9.41
lexmark printer_sharing 8.29
CVE-2010-0101 HIGH

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lexmark x73x *
lexmark n70xxe *
lexmark x644 *
lexmark c510 *
lexmark n4050e *
lexmark c73x *
lexmark x34x *
lexmark t650 *
lexmark x772e *
lexmark c546 *
lexmark x546 *
lexmark x422 *
lexmark t64x *
lexmark e360dn *
lexmark x86x *
lexmark w850 *
lexmark c52x *
lexmark e450 *
lexmark x85x *
lexmark c544 *
lexmark x46x *
lexmark e460 *
lexmark t652 *
lexmark x65x *
lexmark x543 *
lexmark e260 *
lexmark n4000 *
lexmark e120 *
lexmark e23x *
lexmark x782e *
lexmark x646 *
lexmark x26x *
lexmark t654 *
lexmark x544 *
lexmark e238 *
lexmark n8120 *
lexmark x64xef *
lexmark x36x *
lexmark c540 *
lexmark x642 *
lexmark c920 *
lexmark c935dn *
lexmark c543 *
lexmark e350 *
lexmark e462 *
lexmark c77x *
lexmark t656 *
lexmark c53x *
lexmark w840 *
lexmark t430 *
lexmark e34x *
lexmark n8130 *
lexmark e240 *
lexmark 25xxn *
lexmark e250 *
lexmark c78x *
lexmark x20x *
lexmark e33x *
lexmark e240n *
lexmark e360d *
lexmark x94x *
CVE-2010-0618 MEDIUM

The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lexmark z2420 *
CVE-2010-0619 HIGH

Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark x94x *
CVE-2013-3055 HIGH

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lexmark markvision *
CVE-2013-6032 HIGH

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lexmark n70xxe *
lexmark x644 *
lexmark e350 *
lexmark n4050e *
lexmark x772 *
lexmark x78x *
lexmark c52x *
lexmark e450 *
lexmark x85x *
lexmark c77x *
lexmark c53x *
lexmark w840 *
lexmark 25xxn *
lexmark e250 *
lexmark x64xef *
lexmark c78x *
lexmark n4000 *
lexmark t64x *
lexmark x642 *
lexmark c920 *
lexmark c935dn *
lexmark x646 *
lexmark x94x *
CVE-2013-6033 LOW

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark e350 *
lexmark c52x *
lexmark e250 *
lexmark e450 *
lexmark t64x *
lexmark c53x *
lexmark w840 *
lexmark c920 *
lexmark c935dn *
CVE-2014-8741 HIGH

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark markvision_enterprise *
CVE-2014-8742 HIGH

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark markvision_enterprise *
CVE-2014-9375 HIGH

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark markvision_enterprise -
CVE-2016-1487 MEDIUM

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
lexmark markvision_enterprise *
CVE-2016-1896 HIGH

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,CWE-264,

Products Affected

Vendor Product Version
lexmark printer_firmware *
CVE-2016-3145 LOW

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lexmark printer_firmware *
CVE-2016-4335 MEDIUM

An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters -
CVE-2016-4336 HIGH

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters -
CVE-2016-5646 MEDIUM

An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters 11.2.0.1732
CVE-2016-6918 HIGH

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
lexmark markvision_enterprise *
CVE-2017-13771 MEDIUM

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
lexmark scan_to_network *
CVE-2017-2806 MEDIUM

An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters 11.3.0.2400
lexmark perceptive_document_filters 11.3.0.2228
CVE-2017-2821 MEDIUM

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters 11.3.0.2400
lexmark perceptive_document_filters 11.4.0.2452
CVE-2017-2822 MEDIUM

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark perceptive_document_filters 11.3.0.2400
CVE-2018-15519 HIGH

Various Lexmark devices have a Buffer Overflow (issue 1 of 2).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark xm71xx_firmware *
lexmark xs74x_firmware *
lexmark xs95x_firmware *
lexmark xm1145_firmware *
lexmark cx410_firmware *
lexmark mx61x_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark x92x_firmware *
lexmark mx51x_firmware *
lexmark mx6500_firmware *
lexmark x65x_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark xc2132_firmware *
lexmark mx41x_firmware *
lexmark xm51xx_firmware *
lexmark x95x_firmware *
lexmark x79x_firmware *
lexmark cx310_firmware *
lexmark xs92x_firmware *
lexmark xs79x_firmware *
lexmark 6500_firmware *
lexmark cx510_firmware *
lexmark mx71x_firmware *
lexmark x54x_firmware *
lexmark xs54x_firmware *
lexmark mx91x_firmware *
lexmark x46x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark xm3150_firmware *
CVE-2018-15520 HIGH

Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark cx860_firmware *
lexmark cx72x_firmware *
lexmark mb2650_firmware *
lexmark mx321_firmware *
lexmark mx622_firmware *
lexmark mc2325_firmware *
lexmark xc41x0_firmware *
lexmark xc92x5_firmware *
lexmark mc2535_firmware *
lexmark mb2770_firmware *
lexmark xc2235_firmware *
lexmark xm7370_firmware *
lexmark mb2442_firmware *
lexmark xm7355_firmware *
lexmark cx522_firmware *
lexmark cx82x_firmware *
lexmark xm5370_firmware *
lexmark xc6152_firmware *
lexmark mb2546_firmware *
lexmark xc8160_firmware *
lexmark mc2425_firmware *
lexmark mx52x_firmware *
lexmark xm124x_firmware *
lexmark mx82x_firmware *
lexmark cx92x_firmware *
lexmark mb2338_firmware *
lexmark mx72x_firmware *
lexmark cx421_firmware *
lexmark xc4240_firmware *
lexmark mc2640_firmware *
lexmark cx62x_firmware *
lexmark mx42x_firmware *
lexmark xc8155_firmware *
lexmark xm3250_firmware *
CVE-2018-17944 MEDIUM

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lexmark cx860_firmware -
lexmark xc8155_firmware -
lexmark xc4150_firmware -
lexmark xc8160_firmware -
lexmark cx820_firmware -
lexmark cx725h_firmware -
lexmark cx825_firmware -
lexmark xc6152_firmware -
CVE-2018-18894 MEDIUM

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark ms91x_firmware *
lexmark c79x_firmware *
lexmark ms610de_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark x95x_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark xs478_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark sm91x_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c95x_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m5163_firmware *
lexmark x65x_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark mx610_firmware *
lexmark mx511_firmware *
lexmark xs79x_firmware *
lexmark ms610dte_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-10057 MEDIUM

Various Lexmark products have CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
lexmark ms610dn_firmware *
lexmark m1140_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark mx31x_firmware *
lexmark ms51x_firmware *
lexmark ms415_firmware *
lexmark m1145_firmware *
lexmark ms410_firmware *
lexmark ms810_firmware *
lexmark ms817_firmware *
lexmark cs31x_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark m3150dn_firmware *
lexmark ms315_firmware *
lexmark ms811_firmware *
lexmark cx310_firmware *
lexmark ms71x_firmware *
lexmark ms617_firmware *
lexmark ms310_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
CVE-2019-10058 MEDIUM

Various Lexmark products have Incorrect Access Control.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-10059 MEDIUM

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-16758 MEDIUM

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark services_monitor_firmware 2.27.4.0.39
CVE-2019-18791 LOW

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark xm1140_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx31x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark cx51x_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark cx41x_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-19772 LOW

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark xm1140_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-19773 LOW

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark xm1140_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-6489 MEDIUM

Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lexmark xm7170_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark xm1145_firmware *
lexmark cx410_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark x548_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark xm7170x_firmware *
lexmark x65x_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark xm7163_firmware *
lexmark xm7155x_firmware *
lexmark mx611_firmware *
lexmark xc2132_firmware *
lexmark xm7163x_firmware *
lexmark mx610_firmware *
lexmark mx6500e_firmware *
lexmark x95x_firmware *
lexmark mx511_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark xs79x_firmware *
lexmark xm5163_firmware *
lexmark xs925_firmware *
lexmark cx510_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark mx91x_firmware *
lexmark x46x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark xm3150_firmware *
lexmark xm7155_firmware *
lexmark xm5170_firmware *
CVE-2019-9930 HIGH

Various Lexmark products have an Integer Overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-9931 HIGH

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-9932 HIGH

Various Lexmark products have a Buffer Overflow (issue 2 of 3).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-9933 HIGH

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark c925_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2019-9934 MEDIUM

Various Lexmark products have Incorrect Access Control (issue 1 of 2).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
lexmark ms610dn_firmware *
lexmark m1140_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark mx31x_firmware *
lexmark ms51x_firmware *
lexmark ms415_firmware *
lexmark m1145_firmware *
lexmark ms410_firmware *
lexmark ms810_firmware *
lexmark ms817_firmware *
lexmark cs31x_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark m3150dn_firmware *
lexmark ms315_firmware *
lexmark ms811_firmware *
lexmark cx310_firmware *
lexmark ms71x_firmware *
lexmark ms617_firmware *
lexmark ms310_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
CVE-2019-9935 MEDIUM

Various Lexmark products have Incorrect Access Control (issue 2 of 2).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
lexmark ms610dn_firmware *
lexmark m1140_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark mx31x_firmware *
lexmark ms51x_firmware *
lexmark ms415_firmware *
lexmark m1145_firmware *
lexmark ms410_firmware *
lexmark ms810_firmware *
lexmark ms817_firmware *
lexmark cs31x_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark m3150dn_firmware *
lexmark ms315_firmware *
lexmark ms811_firmware *
lexmark cx310_firmware *
lexmark ms71x_firmware *
lexmark ms617_firmware *
lexmark ms310_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
CVE-2020-10093 LOW

A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark xm1140_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2020-10094 LOW

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark xm1145_firmware *
lexmark c925_firmware *
lexmark xm1140_firmware *
lexmark x73x_firmware *
lexmark mx31x_firmware *
lexmark ms91x_firmware *
lexmark ms51x_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms817_firmware *
lexmark ms417_firmware *
lexmark ms812_firmware *
lexmark mx6500e_firmware *
lexmark ms812de_firmware *
lexmark xm51xx_firmware *
lexmark ms315_firmware *
lexmark x95x_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark ms617_firmware *
lexmark c734_firmware *
lexmark cx510_firmware *
lexmark c748_firmware *
lexmark mx91x_firmware *
lexmark x86x_firmware *
lexmark xm91x_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark cs41x_firmware *
lexmark cs51x_firmware *
lexmark m3150_firmware *
lexmark xm71xx_firmware *
lexmark c950_firmware *
lexmark xs95x_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark ms610dn_firmware *
lexmark xs748_firmware *
lexmark x925_firmware *
lexmark cs796_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark x65x_firmware *
lexmark m1145_firmware *
lexmark x74x_firmware *
lexmark mx81x_firmware *
lexmark m5170_firmware *
lexmark ms810_firmware *
lexmark mx611_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark w850_firmware *
lexmark c746_firmware *
lexmark cs31x_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark e46x_firmware *
lexmark mx511_firmware *
lexmark ms811_firmware *
lexmark xs79x_firmware *
lexmark ms71x_firmware *
lexmark xs925_firmware *
lexmark mx510_firmware *
lexmark x792_firmware *
lexmark mx71x_firmware *
lexmark xs548_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
CVE-2021-35449 HIGH

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
lexmark g4_driver *
lexmark g3_driver *
lexmark universal_print_driver *
lexmark g2_driver *
CVE-2021-35469 HIGH

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
lexmark printer_software_g4 *
lexmark printer_software_g3 *
lexmark printer_software_g2 *
CVE-2021-44734 HIGH

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark xm1145_firmware *
lexmark cx431_firmware *
lexmark xc9225_firmware *
lexmark mx910_firmware *
lexmark m3150de_firmware *
lexmark c2535_firmware *
lexmark ms826_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark xc8160_firmware *
lexmark ms812de_firmware *
lexmark ms517_firmware *
lexmark xm9145_firmware *
lexmark mx718_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark m5163de_firmware *
lexmark mb3442_firmware *
lexmark xm5163_firmware *
lexmark cx510_firmware *
lexmark cx625_firmware *
lexmark x746_firmware *
lexmark xm3250_firmware *
lexmark b2650_firmware *
lexmark xm5270_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark xc9255_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark x925_firmware *
lexmark mx417_firmware *
lexmark mc2535_firmware *
lexmark ms312_firmware *
lexmark mb2770_firmware *
lexmark xm7263_firmware *
lexmark xm7370_firmware *
lexmark xs798_firmware *
lexmark cx317_firmware *
lexmark mx717_firmware *
lexmark cx331_firmware *
lexmark x65x_firmware *
lexmark ms331_firmware *
lexmark m5170_firmware *
lexmark xm7163_firmware *
lexmark w850_firmware *
lexmark c3224_firmware *
lexmark mx610_firmware *
lexmark cx725_firmware *
lexmark m3150dn_firmware *
lexmark ms621_firmware *
lexmark xm9155_firmware *
lexmark mx911_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark ms810dn_firmware *
lexmark c9235_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark cs310_firmware *
lexmark xm7355_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms710_firmware *
lexmark cs622_firmware *
lexmark x950_firmware *
lexmark cx923_firmware *
lexmark ms825_firmware *
lexmark ms417_firmware *
lexmark xm5365_firmware *
lexmark mx811_firmware *
lexmark mx410_firmware *
lexmark m1242_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark x86x_firmware *
lexmark xm1246_firmware *
lexmark mx710_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xm1135_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark cx622_firmware *
lexmark ms610dn_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163dn_firmware *
lexmark x748_firmware *
lexmark cx920_firmware *
lexmark x952_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark xs950_firmware *
lexmark ms711_firmware *
lexmark xs796_firmware *
lexmark ms810de_firmware *
lexmark cs439_firmware *
lexmark xc2130_firmware *
lexmark xc2326_firmware *
lexmark mx617_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark c2425_firmware *
lexmark mx510_firmware *
lexmark xs548_firmware *
lexmark ms510_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
lexmark xm7155_firmware *
lexmark xm9165_firmware *
lexmark m5270_firmware *
lexmark c925_firmware *
lexmark mx812_firmware *
lexmark cx924_firmware *
lexmark mx912_firmware *
lexmark m1246_firmware *
lexmark cs410_firmware *
lexmark cx727_firmware *
lexmark cs517_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms410_firmware *
lexmark xc6152_firmware *
lexmark ms610de_firmware *
lexmark xs955_firmware *
lexmark mb2546_firmware *
lexmark cs417_firmware *
lexmark mc3224_firmware *
lexmark mx6500e_firmware *
lexmark cs521_firmware *
lexmark ms431_firmware *
lexmark xc9235_firmware *
lexmark m5155_firmware *
lexmark mx722_firmware *
lexmark ms725_firmware *
lexmark ms818_firmware *
lexmark m5255_firmware *
lexmark c6160_firmware *
lexmark c950_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark ms812dn_firmware *
lexmark mb2236_firmware *
lexmark m1145_firmware *
lexmark xs795_firmware *
lexmark cs927_firmware *
lexmark mx611_firmware *
lexmark xc2132_firmware *
lexmark xm1242_firmware *
lexmark e46x_firmware *
lexmark cs827_firmware *
lexmark mx511_firmware *
lexmark mc3426_firmware *
lexmark mx317_firmware *
lexmark m1342_firmware *
lexmark c3326_firmware *
lexmark x792_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark mx517_firmware *
lexmark xm5170_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark xm1140_firmware *
lexmark ms521_firmware *
lexmark x73x_firmware *
lexmark cs510_firmware *
lexmark xc4150_firmware *
lexmark ms911_firmware *
lexmark mb2442_firmware *
lexmark m3250_firmware *
lexmark cx417_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark b3442_firmware *
lexmark ms817_firmware *
lexmark mc2425_firmware *
lexmark xm5263_firmware *
lexmark xc8163_firmware *
lexmark mx310_firmware *
lexmark ms315_firmware *
lexmark cx310_firmware *
lexmark mx711_firmware *
lexmark ms617_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark xm7170_firmware *
lexmark b2236_firmware *
lexmark xs748_firmware *
lexmark ms421_firmware *
lexmark cs796_firmware *
lexmark ms317_firmware *
lexmark ms823_firmware *
lexmark xm7270_firmware *
lexmark cx517_firmware *
lexmark x954_firmware *
lexmark mx810_firmware *
lexmark ms822_firmware *
lexmark c746_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark ms811_firmware *
lexmark c2132_firmware *
lexmark mx522_firmware *
lexmark m1140+_firmware *
lexmark xs925_firmware *
lexmark xm1342_firmware *
lexmark cx421_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
lexmark cs317_firmware *
CVE-2021-44735 HIGH

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
lexmark m5270_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark cx431_firmware *
lexmark cx924_firmware *
lexmark xc9225_firmware *
lexmark m1246_firmware *
lexmark cx727_firmware *
lexmark c2535_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms826_firmware *
lexmark xc6152_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark mb2546_firmware *
lexmark xc8160_firmware *
lexmark mc3224_firmware *
lexmark cs521_firmware *
lexmark ms431_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark xc9235_firmware *
lexmark mb3442_firmware *
lexmark mx722_firmware *
lexmark cx625_firmware *
lexmark ms725_firmware *
lexmark xm3250_firmware *
lexmark m5255_firmware *
lexmark b2650_firmware *
lexmark c6160_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark xc9255_firmware *
lexmark mb2236_firmware *
lexmark mc2535_firmware *
lexmark mb2770_firmware *
lexmark xm7370_firmware *
lexmark cx331_firmware *
lexmark ms331_firmware *
lexmark cs927_firmware *
lexmark xm1242_firmware *
lexmark c3224_firmware *
lexmark cx725_firmware *
lexmark ms621_firmware *
lexmark cs827_firmware *
lexmark mc3426_firmware *
lexmark m1342_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark c3326_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark c9235_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark ms521_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark xc4150_firmware *
lexmark mb2442_firmware *
lexmark xm7355_firmware *
lexmark m3250_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark cs622_firmware *
lexmark b3442_firmware *
lexmark cx923_firmware *
lexmark mc2425_firmware *
lexmark ms825_firmware *
lexmark xc8163_firmware *
lexmark xm5365_firmware *
lexmark m1242_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark xm1246_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark b2236_firmware *
lexmark cx622_firmware *
lexmark ms421_firmware *
lexmark cx920_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark ms823_firmware *
lexmark ms822_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark cs439_firmware *
lexmark xc2326_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark mx522_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark xm1342_firmware *
lexmark c2425_firmware *
lexmark cx421_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
CVE-2021-44736 HIGH

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lexmark mc3224i_firmware -
CVE-2021-44737 HIGH

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark xm1145_firmware *
lexmark cx431_firmware *
lexmark xc9225_firmware *
lexmark mx910_firmware *
lexmark m3150de_firmware *
lexmark c2535_firmware *
lexmark ms826_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark xc8160_firmware *
lexmark ms812de_firmware *
lexmark ms517_firmware *
lexmark xm9145_firmware *
lexmark mx718_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark m5163de_firmware *
lexmark mb3442_firmware *
lexmark xm5163_firmware *
lexmark cx510_firmware *
lexmark cx625_firmware *
lexmark x746_firmware *
lexmark xm3250_firmware *
lexmark b2650_firmware *
lexmark xm5270_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark xc9255_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark x925_firmware *
lexmark mx417_firmware *
lexmark mc2535_firmware *
lexmark ms312_firmware *
lexmark mb2770_firmware *
lexmark xm7263_firmware *
lexmark xm7370_firmware *
lexmark xs798_firmware *
lexmark cx317_firmware *
lexmark mx717_firmware *
lexmark cx331_firmware *
lexmark x65x_firmware *
lexmark ms331_firmware *
lexmark m5170_firmware *
lexmark xm7163_firmware *
lexmark w850_firmware *
lexmark c3224_firmware *
lexmark mx610_firmware *
lexmark cx725_firmware *
lexmark m3150dn_firmware *
lexmark ms621_firmware *
lexmark xm9155_firmware *
lexmark mx911_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark ms810dn_firmware *
lexmark c9235_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark cs310_firmware *
lexmark xm7355_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms710_firmware *
lexmark cs622_firmware *
lexmark x950_firmware *
lexmark cx923_firmware *
lexmark ms825_firmware *
lexmark ms417_firmware *
lexmark xm5365_firmware *
lexmark mx811_firmware *
lexmark mx410_firmware *
lexmark m1242_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark x86x_firmware *
lexmark xm1246_firmware *
lexmark mx710_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xm1135_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark cx622_firmware *
lexmark ms610dn_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163dn_firmware *
lexmark x748_firmware *
lexmark cx920_firmware *
lexmark x952_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark xs950_firmware *
lexmark ms711_firmware *
lexmark xs796_firmware *
lexmark ms810de_firmware *
lexmark cs439_firmware *
lexmark xc2130_firmware *
lexmark xc2326_firmware *
lexmark mx617_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark c2425_firmware *
lexmark mx510_firmware *
lexmark xs548_firmware *
lexmark ms510_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
lexmark xm7155_firmware *
lexmark xm9165_firmware *
lexmark m5270_firmware *
lexmark c925_firmware *
lexmark mx812_firmware *
lexmark cx924_firmware *
lexmark mx912_firmware *
lexmark m1246_firmware *
lexmark cs410_firmware *
lexmark cx727_firmware *
lexmark cs517_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms410_firmware *
lexmark xc6152_firmware *
lexmark ms610de_firmware *
lexmark xs955_firmware *
lexmark mb2546_firmware *
lexmark cs417_firmware *
lexmark mc3224_firmware *
lexmark mx6500e_firmware *
lexmark cs521_firmware *
lexmark ms431_firmware *
lexmark xc9235_firmware *
lexmark m5155_firmware *
lexmark mx722_firmware *
lexmark ms725_firmware *
lexmark ms818_firmware *
lexmark m5255_firmware *
lexmark c6160_firmware *
lexmark c950_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark ms812dn_firmware *
lexmark mb2236_firmware *
lexmark m1145_firmware *
lexmark xs795_firmware *
lexmark cs927_firmware *
lexmark mx611_firmware *
lexmark xc2132_firmware *
lexmark xm1242_firmware *
lexmark e46x_firmware *
lexmark cs827_firmware *
lexmark mx511_firmware *
lexmark mc3426_firmware *
lexmark mx317_firmware *
lexmark m1342_firmware *
lexmark c3326_firmware *
lexmark x792_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark mx517_firmware *
lexmark xm5170_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark xm1140_firmware *
lexmark ms521_firmware *
lexmark x73x_firmware *
lexmark cs510_firmware *
lexmark xc4150_firmware *
lexmark ms911_firmware *
lexmark mb2442_firmware *
lexmark m3250_firmware *
lexmark cx417_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark b3442_firmware *
lexmark ms817_firmware *
lexmark mc2425_firmware *
lexmark xm5263_firmware *
lexmark xc8163_firmware *
lexmark mx310_firmware *
lexmark ms315_firmware *
lexmark cx310_firmware *
lexmark mx711_firmware *
lexmark ms617_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark xm7170_firmware *
lexmark b2236_firmware *
lexmark xs748_firmware *
lexmark ms421_firmware *
lexmark cs796_firmware *
lexmark ms317_firmware *
lexmark ms823_firmware *
lexmark xm7270_firmware *
lexmark cx517_firmware *
lexmark x954_firmware *
lexmark mx810_firmware *
lexmark ms822_firmware *
lexmark c746_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark ms811_firmware *
lexmark c2132_firmware *
lexmark mx522_firmware *
lexmark m1140+_firmware *
lexmark xs925_firmware *
lexmark xm1342_firmware *
lexmark cx421_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
lexmark cs317_firmware *
CVE-2021-44738 HIGH

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
lexmark c792_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark xm1145_firmware *
lexmark cx431_firmware *
lexmark xc9225_firmware *
lexmark mx910_firmware *
lexmark m3150de_firmware *
lexmark c2535_firmware *
lexmark ms826_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark xc8160_firmware *
lexmark ms812de_firmware *
lexmark ms517_firmware *
lexmark xm9145_firmware *
lexmark mx718_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark m5163de_firmware *
lexmark mb3442_firmware *
lexmark xm5163_firmware *
lexmark cx510_firmware *
lexmark cx625_firmware *
lexmark x746_firmware *
lexmark xm3250_firmware *
lexmark b2650_firmware *
lexmark xm5270_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark xc9255_firmware *
lexmark 6500e_firmware *
lexmark cx410_firmware *
lexmark c736_firmware *
lexmark x925_firmware *
lexmark mx417_firmware *
lexmark mc2535_firmware *
lexmark ms312_firmware *
lexmark mb2770_firmware *
lexmark xm7263_firmware *
lexmark xm7370_firmware *
lexmark xs798_firmware *
lexmark cx317_firmware *
lexmark mx717_firmware *
lexmark cx331_firmware *
lexmark x65x_firmware *
lexmark ms331_firmware *
lexmark m5170_firmware *
lexmark xm7163_firmware *
lexmark w850_firmware *
lexmark c3224_firmware *
lexmark mx610_firmware *
lexmark cx725_firmware *
lexmark m3150dn_firmware *
lexmark ms621_firmware *
lexmark xm9155_firmware *
lexmark mx911_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark ms810dn_firmware *
lexmark c9235_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark cs310_firmware *
lexmark xm7355_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark t65x_firmware *
lexmark ms415_firmware *
lexmark ms710_firmware *
lexmark cs622_firmware *
lexmark x950_firmware *
lexmark cx923_firmware *
lexmark ms825_firmware *
lexmark ms417_firmware *
lexmark xm5365_firmware *
lexmark mx811_firmware *
lexmark mx410_firmware *
lexmark m1242_firmware *
lexmark c734_firmware *
lexmark c748_firmware *
lexmark x86x_firmware *
lexmark xm1246_firmware *
lexmark mx710_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xm1135_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark cx622_firmware *
lexmark ms610dn_firmware *
lexmark x548_firmware *
lexmark m1140_firmware *
lexmark m5163dn_firmware *
lexmark x748_firmware *
lexmark cx920_firmware *
lexmark x952_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark xs950_firmware *
lexmark ms711_firmware *
lexmark xs796_firmware *
lexmark ms810de_firmware *
lexmark cs439_firmware *
lexmark xc2130_firmware *
lexmark xc2326_firmware *
lexmark mx617_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark c2425_firmware *
lexmark mx510_firmware *
lexmark xs548_firmware *
lexmark ms510_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
lexmark xm7155_firmware *
lexmark xm9165_firmware *
lexmark m5270_firmware *
lexmark c925_firmware *
lexmark mx812_firmware *
lexmark cx924_firmware *
lexmark mx912_firmware *
lexmark m1246_firmware *
lexmark cs410_firmware *
lexmark cx727_firmware *
lexmark cs517_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms410_firmware *
lexmark xc6152_firmware *
lexmark ms610de_firmware *
lexmark xs955_firmware *
lexmark mb2546_firmware *
lexmark cs417_firmware *
lexmark mc3224_firmware *
lexmark mx6500e_firmware *
lexmark cs521_firmware *
lexmark ms431_firmware *
lexmark xc9235_firmware *
lexmark m5155_firmware *
lexmark mx722_firmware *
lexmark ms725_firmware *
lexmark ms818_firmware *
lexmark m5255_firmware *
lexmark c6160_firmware *
lexmark c950_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark ms812dn_firmware *
lexmark mb2236_firmware *
lexmark m1145_firmware *
lexmark xs795_firmware *
lexmark cs927_firmware *
lexmark mx611_firmware *
lexmark xc2132_firmware *
lexmark xm1242_firmware *
lexmark e46x_firmware *
lexmark cs827_firmware *
lexmark mx511_firmware *
lexmark mc3426_firmware *
lexmark mx317_firmware *
lexmark m1342_firmware *
lexmark c3326_firmware *
lexmark x792_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark mx517_firmware *
lexmark xm5170_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark xm1140_firmware *
lexmark ms521_firmware *
lexmark x73x_firmware *
lexmark cs510_firmware *
lexmark xc4150_firmware *
lexmark ms911_firmware *
lexmark mb2442_firmware *
lexmark m3250_firmware *
lexmark cx417_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark b3442_firmware *
lexmark ms817_firmware *
lexmark mc2425_firmware *
lexmark xm5263_firmware *
lexmark xc8163_firmware *
lexmark mx310_firmware *
lexmark ms315_firmware *
lexmark cx310_firmware *
lexmark mx711_firmware *
lexmark ms617_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark xm7170_firmware *
lexmark b2236_firmware *
lexmark xs748_firmware *
lexmark ms421_firmware *
lexmark cs796_firmware *
lexmark ms317_firmware *
lexmark ms823_firmware *
lexmark xm7270_firmware *
lexmark cx517_firmware *
lexmark x954_firmware *
lexmark mx810_firmware *
lexmark ms822_firmware *
lexmark c746_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark ms811_firmware *
lexmark c2132_firmware *
lexmark mx522_firmware *
lexmark m1140+_firmware *
lexmark xs925_firmware *
lexmark xm1342_firmware *
lexmark cx421_firmware *
lexmark x46x_firmware *
lexmark ms310_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark cs748_firmware *
lexmark xm3150_firmware *
lexmark cs317_firmware *
CVE-2022-24935 MEDIUM

Lexmark products through 2022-02-10 have Incorrect Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
lexmark lexmark_firmware *
CVE-2022-29850

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
lexmark m5270_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark cx431_firmware *
lexmark cx924_firmware *
lexmark xc9225_firmware *
lexmark m1246_firmware *
lexmark cx727_firmware *
lexmark c2535_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms826_firmware *
lexmark xc6152_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark mb2546_firmware *
lexmark xc8160_firmware *
lexmark mc3224_firmware *
lexmark cs521_firmware *
lexmark ms431_firmware *
lexmark c4150_firmware *
lexmark xc9235_firmware *
lexmark mb3442_firmware *
lexmark mx722_firmware *
lexmark cx625_firmware *
lexmark ms725_firmware *
lexmark xm3250_firmware *
lexmark m5255_firmware *
lexmark b2650_firmware *
lexmark c6160_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark xc9255_firmware *
lexmark mb2236_firmware *
lexmark mc2535_firmware *
lexmark mb2770_firmware *
lexmark xm7370_firmware *
lexmark cx331_firmware *
lexmark ms331_firmware *
lexmark cs927_firmware *
lexmark xm1242_firmware *
lexmark c3224_firmware *
lexmark cx725_firmware *
lexmark ms621_firmware *
lexmark cs827_firmware *
lexmark mc3426_firmware *
lexmark m1342_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark c3326_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark c9235_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark ms521_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark xc4150_firmware *
lexmark mb2442_firmware *
lexmark xm7355_firmware *
lexmark m3250_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark cs622_firmware *
lexmark b3442_firmware *
lexmark cx923_firmware *
lexmark mc2425_firmware *
lexmark ms825_firmware *
lexmark xc8163_firmware *
lexmark xm5365_firmware *
lexmark m1242_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark xm1246_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark b2236_firmware *
lexmark cx622_firmware *
lexmark ms421_firmware *
lexmark cx920_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark ms823_firmware *
lexmark ms822_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark cs439_firmware *
lexmark xc2326_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark mx522_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark xm1342_firmware *
lexmark c2425_firmware *
lexmark cx421_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
CVE-2023-22960

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

Products Affected

Vendor Product Version
lexmark xc4342_firmware *
lexmark m5270_firmware *
lexmark mx931_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark cx431_firmware *
lexmark cx924_firmware *
lexmark xc9225_firmware *
lexmark m1246_firmware *
lexmark mx432_firmware *
lexmark cx727_firmware *
lexmark c2535_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms826_firmware *
lexmark xc9455_firmware *
lexmark xc6152_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark mb2546_firmware *
lexmark xc8160_firmware *
lexmark mc3224_firmware *
lexmark cs521_firmware *
lexmark cx944_firmware *
lexmark ms431_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark xc9235_firmware *
lexmark mb3442_firmware *
lexmark mx722_firmware *
lexmark cx625_firmware *
lexmark ms725_firmware *
lexmark xm3250_firmware *
lexmark m5255_firmware *
lexmark b2650_firmware *
lexmark c6160_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark xc9255_firmware *
lexmark xc9465_firmware *
lexmark mb2236_firmware *
lexmark mc2535_firmware *
lexmark mb2770_firmware *
lexmark xm7370_firmware *
lexmark cx331_firmware *
lexmark ms331_firmware *
lexmark xm3142_firmware *
lexmark cs927_firmware *
lexmark xc9335_firmware *
lexmark xm1242_firmware *
lexmark c3224_firmware *
lexmark cx725_firmware *
lexmark ms621_firmware *
lexmark cs827_firmware *
lexmark mc3426_firmware *
lexmark m1342_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark c3326_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark c9235_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark ms521_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark xc4150_firmware *
lexmark mb2442_firmware *
lexmark xm7355_firmware *
lexmark m3250_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark cs622_firmware *
lexmark b3442_firmware *
lexmark cx923_firmware *
lexmark mc2425_firmware *
lexmark ms825_firmware *
lexmark xc8163_firmware *
lexmark xm5365_firmware *
lexmark m1242_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark xm1246_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark b2236_firmware *
lexmark cx622_firmware *
lexmark ms421_firmware *
lexmark cx920_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark ms823_firmware *
lexmark xc4352_firmware *
lexmark xc9445_firmware *
lexmark ms822_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark cs439_firmware *
lexmark xc2326_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark mx522_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark xm1342_firmware *
lexmark c2425_firmware *
lexmark cx421_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
CVE-2023-23560

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

Products Affected

Vendor Product Version
lexmark xc4342_firmware *
lexmark m5270_firmware *
lexmark mx931_firmware *
lexmark cs923_firmware *
lexmark mc2325_firmware *
lexmark cx431_firmware *
lexmark cx924_firmware *
lexmark xc9225_firmware *
lexmark m1246_firmware *
lexmark mx432_firmware *
lexmark cx727_firmware *
lexmark c2535_firmware *
lexmark xc4153_firmware *
lexmark b2546_firmware *
lexmark ms826_firmware *
lexmark xc9455_firmware *
lexmark xc6152_firmware *
lexmark xc9245_firmware *
lexmark mx822_firmware *
lexmark mb2546_firmware *
lexmark xc8160_firmware *
lexmark mc3224_firmware *
lexmark cs521_firmware *
lexmark cx944_firmware *
lexmark ms431_firmware *
lexmark c4150_firmware *
lexmark mb2338_firmware *
lexmark xc9235_firmware *
lexmark mb3442_firmware *
lexmark mx722_firmware *
lexmark cx625_firmware *
lexmark ms725_firmware *
lexmark xm3250_firmware *
lexmark m5255_firmware *
lexmark b2650_firmware *
lexmark c6160_firmware *
lexmark c3426_firmware *
lexmark cx860_firmware *
lexmark mx321_firmware *
lexmark b3340_firmware *
lexmark xc9255_firmware *
lexmark xc9465_firmware *
lexmark mb2236_firmware *
lexmark mc2535_firmware *
lexmark mb2770_firmware *
lexmark xm7370_firmware *
lexmark cx331_firmware *
lexmark ms331_firmware *
lexmark xm3142_firmware *
lexmark cs927_firmware *
lexmark xc9335_firmware *
lexmark xm1242_firmware *
lexmark c3224_firmware *
lexmark cx725_firmware *
lexmark ms621_firmware *
lexmark cs827_firmware *
lexmark mc3426_firmware *
lexmark m1342_firmware *
lexmark cs431_firmware *
lexmark b2338_firmware *
lexmark c3326_firmware *
lexmark b2442_firmware *
lexmark cs720_firmware *
lexmark xc4140_firmware *
lexmark cs421_firmware *
lexmark mc2640_firmware *
lexmark c9235_firmware *
lexmark mb2650_firmware *
lexmark ms321_firmware *
lexmark ms622_firmware *
lexmark mx826_firmware *
lexmark ms521_firmware *
lexmark cs727_firmware *
lexmark cs725_firmware *
lexmark xc4150_firmware *
lexmark mb2442_firmware *
lexmark xm7355_firmware *
lexmark m3250_firmware *
lexmark mx331_firmware *
lexmark cx522_firmware *
lexmark cx922_firmware *
lexmark cx921_firmware *
lexmark cs622_firmware *
lexmark b3442_firmware *
lexmark cx923_firmware *
lexmark mc2425_firmware *
lexmark ms825_firmware *
lexmark xc8163_firmware *
lexmark xm5365_firmware *
lexmark m1242_firmware *
lexmark xc4240_firmware *
lexmark cs728_firmware *
lexmark xm1246_firmware *
lexmark ms821_firmware *
lexmark xc6153_firmware *
lexmark mx421_firmware *
lexmark xc9265_firmware *
lexmark xc4143_firmware *
lexmark mx622_firmware *
lexmark b2236_firmware *
lexmark cx622_firmware *
lexmark ms421_firmware *
lexmark cx920_firmware *
lexmark xc2235_firmware *
lexmark mx721_firmware *
lexmark ms823_firmware *
lexmark xc4352_firmware *
lexmark xc9445_firmware *
lexmark ms822_firmware *
lexmark cs820_firmware *
lexmark cs331_firmware *
lexmark cs439_firmware *
lexmark xc2326_firmware *
lexmark b2865_firmware *
lexmark cs921_firmware *
lexmark mc3326_firmware *
lexmark mx521_firmware *
lexmark mx522_firmware *
lexmark cx825_firmware *
lexmark cx820_firmware *
lexmark xm1342_firmware *
lexmark c2425_firmware *
lexmark cx421_firmware *
lexmark c2325_firmware *
lexmark mx431_firmware *
lexmark c2240_firmware *
lexmark c2326_firmware *
lexmark xc8155_firmware *
CVE-2023-26063

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark cstzj_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark lhs60_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cxtzj_firmware *
lexmark lw80_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark lp_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark lr_firmware *
lexmark cxlbl_firmware *
CVE-2023-26064

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark cstzj_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark lhs60_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cxtzj_firmware *
lexmark lw80_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark lp_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark lr_firmware *
lexmark cxlbl_firmware *
CVE-2023-26065

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark cstzj_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark lhs60_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cxtzj_firmware *
lexmark lw80_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark lp_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark lr_firmware *
lexmark cxlbl_firmware *
CVE-2023-26066

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark cstzj_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark lhs60_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cxtzj_firmware *
lexmark lw80_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark lp_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark lr_firmware *
lexmark cxlbl_firmware *
CVE-2023-26067

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cstat_firmware *
lexmark cxnzj_firmware *
lexmark cxtzj_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark cxtat_firmware *
lexmark cxtpp_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark cstmh_firmware *
lexmark cxlbl_firmware *
CVE-2023-26068

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cstat_firmware *
lexmark cxnzj_firmware *
lexmark cxtzj_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark cxtat_firmware *
lexmark cxtpp_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark cstmh_firmware *
lexmark cxlbl_firmware *
CVE-2023-26069

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cstat_firmware *
lexmark cxnzj_firmware *
lexmark cxtzj_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark cxtat_firmware *
lexmark cxtpp_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark cstmh_firmware *
lexmark cxlbl_firmware *
CVE-2023-26070

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Products Affected

Vendor Product Version
lexmark msngm_firmware *
lexmark cstzj_firmware *
lexmark mxtct_firmware *
lexmark csnzj_firmware *
lexmark cxtpc_firmware *
lexmark cstpc_firmware *
lexmark mxtgw_firmware *
lexmark lhs60_firmware *
lexmark mslbd_firmware *
lexmark cxtmm_firmware *
lexmark mxlsg_firmware *
lexmark cxtzj_firmware *
lexmark lw80_firmware *
lexmark mstgw_firmware *
lexmark cxlbn_firmware *
lexmark mxtpm_firmware *
lexmark mxlbd_firmware *
lexmark mxngm_firmware *
lexmark lp_firmware *
lexmark cslbn_firmware *
lexmark msngw_firmware *
lexmark mslsg_firmware *
lexmark mxtgm_firmware *
lexmark cslbl_firmware *
lexmark lr_firmware *
lexmark cxlbl_firmware *
CVE-2023-40239

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
lexmark xm1145_firmware *
lexmark mx812_firmware *
lexmark xm1140_firmware *
lexmark mx912_firmware *
lexmark mx910_firmware *
lexmark cs510_firmware *
lexmark cs410_firmware *
lexmark m3150de_firmware *
lexmark cs310_firmware *
lexmark ms911_firmware *
lexmark cs517_firmware *
lexmark ms415_firmware *
lexmark cx417_firmware *
lexmark ms410_firmware *
lexmark ms610de_firmware *
lexmark ms710_firmware *
lexmark ms817_firmware *
lexmark cs417_firmware *
lexmark ms417_firmware *
lexmark xm5263_firmware *
lexmark ms812de_firmware *
lexmark mx811_firmware *
lexmark mx310_firmware *
lexmark ms315_firmware *
lexmark ms517_firmware *
lexmark xm9145_firmware *
lexmark mx718_firmware *
lexmark m5163de_firmware *
lexmark cx310_firmware *
lexmark mx410_firmware *
lexmark m5155_firmware *
lexmark mx711_firmware *
lexmark ms617_firmware *
lexmark xm5163_firmware *
lexmark cx510_firmware *
lexmark mx710_firmware *
lexmark ms818_firmware *
lexmark xm1135_firmware *
lexmark xm5270_firmware *
lexmark xm7170_firmware *
lexmark cx410_firmware *
lexmark ms610dn_firmware *
lexmark mx417_firmware *
lexmark m1140_firmware *
lexmark ms812dn_firmware *
lexmark ms317_firmware *
lexmark ms312_firmware *
lexmark m5163dn_firmware *
lexmark xm7263_firmware *
lexmark cx317_firmware *
lexmark mx717_firmware *
lexmark m1145_firmware *
lexmark ms711_firmware *
lexmark m5170_firmware *
lexmark xm7163_firmware *
lexmark mx611_firmware *
lexmark xm7270_firmware *
lexmark cx517_firmware *
lexmark ms810de_firmware *
lexmark xc2132_firmware *
lexmark mx810_firmware *
lexmark mx610_firmware *
lexmark xc2130_firmware *
lexmark m3150dn_firmware *
lexmark mx617_firmware *
lexmark mx511_firmware *
lexmark mx317_firmware *
lexmark ms811_firmware *
lexmark xm9155_firmware *
lexmark c2132_firmware *
lexmark mx911_firmware *
lexmark m1140+_firmware *
lexmark mx510_firmware *
lexmark ms810dn_firmware *
lexmark ms310_firmware *
lexmark ms510_firmware *
lexmark mx517_firmware *
lexmark xm3150_firmware *
lexmark xm7155_firmware *
lexmark xm9165_firmware *
lexmark cs317_firmware *
lexmark xm5170_firmware *