CVE-2018-18894

HIGH

Lexmark C, M, X, and 6500e Firmware < 2018-12-18 - Path Traversal via Embedded Web Server

Title source: llm
STIX 2.1

Description

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
http://support.lexmark.com/alerts

Scores

CVSS v3 7.5
EPSS 0.0165
EPSS Percentile 73.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (49)
lexmark/6500e_firmware < lhs60.jr.p683
lexmark/c748_firmware < lhs60.cm4.p683
lexmark/c79x_firmware < lhs60.hc.p683
lexmark/c925_firmware < lhs60.hv.p683
lexmark/c95x_firmware < lhs60.tp.p683
lexmark/cs41x_firmware < lw71.vy2.p216
lexmark/cs51x_firmware < lw71.vy4.p216
lexmark/cs748_firmware < lhs60.cm4.p683
lexmark/cs796_firmware < lhs60.hc.p683
lexmark/cx410_firmware < lw71.gm4.p216
... and 39 more
Published Mar 10, 2020
Tracked Since Feb 18, 2026