CVE-2018-18894

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

Published: Mar 10, 2020
Updated: Apr 13, 2023
CVE: CVE-2018-18894
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
lexmark / 6500e_firmware	-	lhs60.jr.p683
lexmark / c748_firmware	-	lhs60.cm4.p683
lexmark / c79x_firmware	-	lhs60.hc.p683
lexmark / c925_firmware	-	lhs60.hv.p683
lexmark / c95x_firmware	-	lhs60.tp.p683
lexmark / cs41x_firmware	-	lw71.vy2.p216
lexmark / cs51x_firmware	-	lw71.vy4.p216
lexmark / cs748_firmware	-	lhs60.cm4.p683.x
lexmark / cs796_firmware	-	lhs60.hc.p683
lexmark / cx410_firmware	-	lw71.gm4.p216
lexmark / cx510_firmware	-	lw71.gm7.p216
lexmark / m3150_firmware	-	lw71.pr4.p216
lexmark / m5155_firmware	-	lw71.dn4.p216
lexmark / m5163_firmware	-	lw71.dn4.p216
lexmark / m5170_firmware	-	lw71.dn7.p216
lexmark / ms610de_firmware	-	lw71.pr4.p216
lexmark / ms610dte_firmware	-	lw71.pr4.p216
lexmark / ms810de_firmware	-	lw71.dn4.p216
lexmark / ms812de_firmware	-	lw71.dn7.p216
lexmark / ms91x_firmware	-	lw71.sa.p216
lexmark / mx410_firmware	-	lw71.sb4.p216
lexmark / mx510_firmware	-	lw71.sb4.p216
lexmark / mx511_firmware	-	lw71.sb4.p216
lexmark / mx610_firmware	-	lw71.sb7.p216
lexmark / mx611_firmware	-	lw71.sb7.p216
lexmark / mx6500e_firmware	-	lw71.jd.p216.x
lexmark / mx71x_firmware	-	lw71.tu.p216
lexmark / mx81x_firmware	-	lw71.tu.p216
lexmark / mx91x_firmware	-	lw71.mg.p216
lexmark / sm91x_firmware	-	lw71.mg.p216
lexmark / x46x_firmware	-	lr.bs.p810
lexmark / x548_firmware	-	lhs60.vk.p683
lexmark / x65x_firmware	-	lr.mn.p810
lexmark / x73x_firmware	-	lr.fl.p810
lexmark / x74x_firmware	-	lhs60.ny.p683
lexmark / x792_firmware	-	lhs60.mr.p683
lexmark / x86x_firmware	-	lr.sp.p810
lexmark / x925_firmware	-	lhs60.hk.p683
lexmark / x95x_firmware	-	lhs60.tq.p683
lexmark / xc2132_firmware	-	lw71.gm7.p216
lexmark / xm1145_firmware	-	lw71.sb4.p216
lexmark / xm3150_firmware	-	lw71.sb7.p216
lexmark / xm51xx_firmware	-	lw71.tu.p216
lexmark / xm71xx_firmware	-	lw71.tu.p216
lexmark / xs478_firmware	-	lhs60.ny.p683
lexmark / xs548_firmware	-	lhs60.vk.p683
lexmark / xs79x_firmware	-	lhs60.mr.p683
lexmark / xs925_firmware	-	lhs60.hk.p683
lexmark / xs95x_firmware	-	lhs60.tq.p683

Vulnerability Database

290,206

CVE-2018-18894