Vulnerability CVE-2010-0101

Published: 2010-05-04   Modified: 2012-02-13

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.



(Improper Input Validation)

Vendor: Lexmark
Product: C543 
Product: T654 
Product: 25xxn 
Product: N8130 
Product: E462 
Product: X86X 
Product: E350 
Product: X65X 
Product: E240n 
Product: X546 
Product: C935dn 
Product: X36X 
Product: C546 
Product: W840 
Product: C52X 
Product: T64X 
Product: N4050e 
Product: E360dn 
Product: X772e 
Product: E260 
Product: X644 
Product: E238 
Product: X46X 
Product: C77X 
Product: X20X 
Product: C540 
Product: T652 
Product: N8120 
Product: E460 
Product: X85X 
Product: E34X 
Product: X64xef 
Product: E240 
Product: X544 
Product: C920 
Product: X34X 
Product: C544 
Product: T656 
Product: C510 
Product: T430 
Product: N4000 
Product: X94X 
Product: E360d 
Product: X73X 
Product: E250 
Product: X642 
Product: E120 
Product: X422 
Product: C73X 
Product: W850 
Product: C53X 
Product: T650 
Product: N70xxe 
Product: E450 
Product: X782e 
Product: E33X 
Product: X646 
Product: E23X 
Product: X543 
Product: C78X 
Product: X26X 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
Exploit range
Attack complexity
No required
Confidentiality impact
Integrity impact
Availability impact


Related CVE
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent the...
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/...
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters and A crafted PDF document can lead to a use-after-free resulting in direct code execution.
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont...
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi...

Copyright 2019,


Back to Top