Lexmark Xm7270 Firmware vulnerabilities

CVE-2023-40239 [HIGH] CWE-611 CVE-2023-40239: Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

CVE-2021-44734 [CRITICAL] CWE-94 CVE-2021-44734: Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which ca Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

CVE-2021-44738 [CRITICAL] CWE-120 CVE-2021-44738: Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscrip Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

CVE-2021-44737 [HIGH] CWE-22 CVE-2021-44737: PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.