This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.
Official security advisory -> https://publications.lexmark.com/publications/security-alerts/CVE-2023-22960.pdf
PoC tested against:
- Lexmark MX622adhe
- Lexmark CX735adse
- Lexmark MX521ade
In this video I demonstrate the issue as well as how to write an http(s) login bruteforce script with Python.
https://www.youtube.com/watch?v=HuAqTScr_3s
Without the brute-force prevention bypass:
Applying the the brute-force prevention bypass:
