Command Injection Vulnerability in Lexmark Embedded Web Server
CVE-2021-44735

9.8CRITICAL

Key Information:

Vendor
Lexmark
Status
B2236 Firmware
Vendor
CVE Published:
20 January 2022

Badges

👾 Exploit Exists

Summary

This vulnerability allows an attacker to execute arbitrary commands on Lexmark devices via their embedded web server. By exploiting this flaw, an attacker can manipulate the device's operations, potentially leading to unauthorized access and control. The affected devices are at risk if proper security patches are not applied, making it crucial for users to monitor updates and maintain device security.

References

https://support.lexmark.com/alerts/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-330/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-22-326/
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.