LexmarkCVEs & Vulnerabilities

66 CVEs affecting Lexmark products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

cx310 25x46x 24x65x 23ms811 23ms818 23m5163dn 23ms817 23x73x 23
CVE-2023-26067KEVHIGHin the wild

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

11 Apr 2026
8.1
CVSS
CVE-2023-40239HIGH

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

1 Sep 2023
7.5
CVSS
CVE-2023-26070CRITICAL

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

10 Apr 2023
9.8
CVSS
CVE-2023-26069CRITICAL

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

10 Apr 2023
9.8
CVSS
CVE-2023-26068CRITICAL

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

10 Apr 2023
9.8
CVSS
CVE-2023-26066CRITICAL

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

10 Apr 2023
9.8
CVSS
CVE-2023-26065CRITICAL

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

10 Apr 2023
9.8
CVSS
CVE-2023-26064CRITICAL

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

10 Apr 2023
9.8
CVSS
CVE-2023-26063CRITICAL

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

10 Apr 2023
9.8
CVSS
CVE-2023-23560CRITICAL

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

24 Jan 2023
9.8
CVSS
CVE-2023-22960HIGH

Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.

24 Jan 2023
7.5
CVSS
CVE-2022-29850HIGH

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

26 Aug 2022
8.1
CVSS
CVE-2022-24935HIGH

Lexmark products through 2022-02-10 have Incorrect Access Control.

28 Apr 2022
7.5
CVSS
CVE-2021-44737HIGH

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

20 Jan 2022
8.8
CVSS
CVE-2021-44736CRITICAL

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

20 Jan 2022
9.8
CVSS
CVE-2021-44735CRITICAL

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

20 Jan 2022
9.8
CVSS
CVE-2021-44734CRITICAL

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

20 Jan 2022
9.8
CVSS
CVE-2021-44738CRITICAL

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

20 Jan 2022
9.8
CVSS
CVE-2021-35449HIGH

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.

19 Jul 2021
7.8
CVSS
CVE-2021-35469HIGH

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

14 Jul 2021
7.8
CVSS
CVE-2020-10094MEDIUM

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

28 Apr 2020
5.4
CVSS
CVE-2020-10093MEDIUM

A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products.

28 Apr 2020
5.4
CVSS
CVE-2018-18894HIGH

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

10 Mar 2020
7.5
CVSS
CVE-2016-1487HIGH

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

9 Mar 2020
8.8
CVSS
CVE-2011-4538MEDIUM

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

9 Mar 2020
5.3
CVSS
CVE-2011-3269HIGH

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

9 Mar 2020
7.5
CVSS
CVE-2016-6918CRITICAL

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (

9 Mar 2020
9.8
CVSS
CVE-2019-19773MEDIUM

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

7 Mar 2020
5.4
CVSS
CVE-2019-19772MEDIUM

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

7 Mar 2020
5.4
CVSS
CVE-2019-18791MEDIUM

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

13 Feb 2020
5.4
CVSS
CVE-2014-8742HIGH

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

27 Jan 2020
7.5
CVSS
CVE-2014-8741CRITICALpoc

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

27 Jan 2020
9.8
CVSS
CVE-2019-16758HIGHpoc

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

21 Nov 2019
7.5
CVSS
CVE-2019-9933CRITICAL

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

29 Aug 2019
9.8
CVSS
CVE-2019-9932CRITICAL

Various Lexmark products have a Buffer Overflow (issue 2 of 3).

29 Aug 2019
9.8
CVSS
CVE-2019-9931HIGH

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.

29 Aug 2019
7.5
CVSS
CVE-2019-9930CRITICAL

Various Lexmark products have an Integer Overflow.

29 Aug 2019
9.8
CVSS
CVE-2019-10059MEDIUM

The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.

29 Aug 2019
5.3
CVSS
CVE-2019-10057MEDIUM

Various Lexmark products have CSRF.

29 Aug 2019
6.5
CVSS
CVE-2019-9935MEDIUM

Various Lexmark products have Incorrect Access Control (issue 2 of 2).

28 Aug 2019
5.3
CVSS
CVE-2019-9934MEDIUM

Various Lexmark products have Incorrect Access Control (issue 1 of 2).

28 Aug 2019
5.3
CVSS
CVE-2019-10058CRITICAL

Various Lexmark products have Incorrect Access Control.

28 Aug 2019
9.1
CVSS
CVE-2018-15519CRITICAL

Various Lexmark devices have a Buffer Overflow (issue 1 of 2).

28 Jun 2019
9.8
CVSS
CVE-2018-15520CRITICAL

Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

28 Jun 2019
9.8
CVSS
CVE-2018-17944MEDIUM

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.

12 Mar 2019
4.9
CVSS
CVE-2019-6489MEDIUM

Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.

11 Feb 2019
5.3
CVSS
CVE-2017-13771CRITICAL

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.

7 Sep 2017
9.8
CVSS
CVE-2017-2822HIGH

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.

5 Sep 2017
7.5
CVSS
← PrevPage 1 / 2Next →