CVE-2018-18894
HIGHLexmark C, M, X, and 6500e Firmware < 2018-12-18 - Path Traversal via Embedded Web Server
Title source: llmDescription
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://support.lexmark.com/alerts
Vendor Advisory x_refsource_confirm
http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US
Scores
CVSS v3
7.5
EPSS
0.0165
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (49)
lexmark/6500e_firmware
< lhs60.jr.p683
lexmark/c748_firmware
< lhs60.cm4.p683
lexmark/c79x_firmware
< lhs60.hc.p683
lexmark/c925_firmware
< lhs60.hv.p683
lexmark/c95x_firmware
< lhs60.tp.p683
lexmark/cs41x_firmware
< lw71.vy2.p216
lexmark/cs51x_firmware
< lw71.vy4.p216
lexmark/cs748_firmware
< lhs60.cm4.p683
lexmark/cs796_firmware
< lhs60.hc.p683
lexmark/cx410_firmware
< lw71.gm4.p216
... and 39 more
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026