CVE-2021-44736: (Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability
First published: Thu Jan 20 2022(Updated: )
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark MC3224i | ||
| Lexmark Mc3224i Firmware | ||
| Lexmark MC3224i |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44736?
CVE-2021-44736 is a vulnerability that allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers.
How severe is CVE-2021-44736?
CVE-2021-44736 has a severity score of 9.8, which is considered critical.
What is the affected software for CVE-2021-44736?
The affected software includes Lexmark MC3224i printers with firmware versions and Lexmark Mc3224i Firmware.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers through the lack of proper restriction to a URL handling.
Are there any references for more information about CVE-2021-44736?
Yes, you can find more information about CVE-2021-44736 at the following references: [1] [2] [3]
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-331
- alias/ZDI-CAN-15800
- alias/CVE-2021-44736
- agent/software-canonical-lookup
- vendor/lexmark
- canonical/lexmark mc3224i firmware
- canonical/lexmark mc3224i