CVE-2013-6032: Input Validation
First published: Tue Feb 04 2014(Updated: )
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark 25xxn | <=lcl.cu.p114 | |
| Lexmark C52x | <=ls.fa.p150 | |
| Lexmark C53x | <=ls.sw.p069 | |
| Lexmark C77x | <=lc.cm.p052 | |
| Lexmark C78x | <=lc.io.p187 | |
| Lexmark C920 | <=ls.ta.p152 | |
| Lexmark C935dn | <=lc.jo.p091 | |
| Lexmark E250 | <=le.pm.p126 | |
| Lexmark E350 | <=le.ph.p129 | |
| Lexmark E450 | <=lm.sz.p124 | |
| Lexmark N4000 | <=lc.md.p119 | |
| Lexmark N4050e | <=go.go.n206 | |
| Lexmark N70xxe | <=lc.co.n309 | |
| Lexmark T64x | <=ls.st.p343 | |
| Lexmark W840 | <=ls.ha.p252 | |
| Lexmark X642 | <=lc2.mb.p318 | |
| Lexmark X644 | <=lc4.be.p487 | |
| Lexmark X646 | <=lc2.mc.p373 | |
| Lexmark X64xef | <=lc2.ti.p325 | |
| Lexmark X772 | <=lc2.tr.p291 | |
| Lexmark X78x | <=lc2.io.p335 | |
| Lexmark X85x | <=lc4.be.p487 | |
| Lexmark X94x | <=lc.br.p141 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lexmark
- canonical/lexmark 25xxn
- version/lexmark 25xxn/lcl.cu.p114
- canonical/lexmark c52x
- version/lexmark c52x/ls.fa.p150
- canonical/lexmark c53x
- version/lexmark c53x/ls.sw.p069
- canonical/lexmark c77x
- version/lexmark c77x/lc.cm.p052
- canonical/lexmark c78x
- version/lexmark c78x/lc.io.p187
- canonical/lexmark c920
- version/lexmark c920/ls.ta.p152
- canonical/lexmark c935dn
- version/lexmark c935dn/lc.jo.p091
- canonical/lexmark e250
- version/lexmark e250/le.pm.p126
- canonical/lexmark e350
- version/lexmark e350/le.ph.p129
- canonical/lexmark e450
- version/lexmark e450/lm.sz.p124
- canonical/lexmark n4000
- version/lexmark n4000/lc.md.p119
- canonical/lexmark n4050e
- version/lexmark n4050e/go.go.n206
- canonical/lexmark n70xxe
- version/lexmark n70xxe/lc.co.n309
- canonical/lexmark t64x
- version/lexmark t64x/ls.st.p343
- canonical/lexmark w840
- version/lexmark w840/ls.ha.p252
- canonical/lexmark x642
- version/lexmark x642/lc2.mb.p318
- canonical/lexmark x644
- version/lexmark x644/lc4.be.p487
- canonical/lexmark x646
- version/lexmark x646/lc2.mc.p373
- canonical/lexmark x64xef
- version/lexmark x64xef/lc2.ti.p325
- canonical/lexmark x772
- version/lexmark x772/lc2.tr.p291
- canonical/lexmark x78x
- version/lexmark x78x/lc2.io.p335
- canonical/lexmark x85x
- version/lexmark x85x/lc4.be.p487
- canonical/lexmark x94x
- version/lexmark x94x/lc.br.p141