CVE-2021-44734

Name: CVE-2021-44734
Creator: NVD / NIST
Published: 2022-01-20T17:15:17.833+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 6.43%

Last modified Jun 17, 2026

CVE-2021-44734 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.. EPSS estimates a 6.43% chance of exploitation in the next 30 days.

Description

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

6.43%

92.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Lexmark	B2236 Firmware	< mslsg.076.294
Lexmark	Mb2236 Firmware	< mxlsg.076.294
Lexmark	Ms431 Firmware	< mslbd.076.294
Lexmark	Ms331 Firmware	< mslbd.076.294
Lexmark	M1342 Firmware	< mslbd.076.294
Lexmark	B3442 Firmware	< mslbd.076.294
Lexmark	B3340 Firmware	< mslbd.076.294
Lexmark	Xm1342 Firmware	< mslbd.076.294
Lexmark	Mx331 Firmware	< mxlbd.076.294
Lexmark	Mx431 Firmware	< mxlbd.076.294
Lexmark	Mb3442 Firmware	< mxlbd.076.294
Lexmark	Ms321 Firmware	< msngm.076.294
Lexmark	Ms421 Firmware	< msngm.076.294
Lexmark	Ms521 Firmware	< msngm.076.294
Lexmark	Ms621 Firmware	< msngm.076.294
Lexmark	M1242 Firmware	< msngm.076.294
Lexmark	M1246 Firmware	< msngm.076.294
Lexmark	B2338 Firmware	< msngm.076.294
Lexmark	B2442 Firmware	< msngm.076.294
Lexmark	B2546 Firmware	< msngm.076.294
Lexmark	B2650 Firmware	< msngm.076.294
Lexmark	Ms622 Firmware	< mstgm.076.294
Lexmark	M3250 Firmware	< mstgm.076.294
Lexmark	Mx321 Firmware	< mxngm.076.294
Lexmark	Mb2338 Firmware	< mxngm.076.294
Lexmark	Mx421 Firmware	< mxtgm.076.294
Lexmark	Mx521 Firmware	< mxtgm.076.294
Lexmark	Mx522 Firmware	< mxtgm.076.294
Lexmark	Mx622 Firmware	< mxtgm.076.294
Lexmark	Xm1242 Firmware	< mxtgm.076.294
Lexmark	Xm1246 Firmware	< mxtgm.076.294
Lexmark	Xm3250 Firmware	< mxtgm.076.294
Lexmark	Mb2442 Firmware	< mxtgm.076.294
Lexmark	Mb2546 Firmware	< mxtgm.076.294
Lexmark	Mb2650 Firmware	< mxtgm.076.294
Lexmark	Ms821 Firmware	< msngw.076.294
Lexmark	Ms823 Firmware	< msngw.076.294
Lexmark	Ms825 Firmware	< msngw.076.294
Lexmark	B2865 Firmware	< msngw.076.294
Lexmark	Ms725 Firmware	< msngw.076.294
Lexmark	Ms822 Firmware	< mstgw.076.294
Lexmark	Ms826 Firmware	< mstgw.076.294
Lexmark	M5255 Firmware	< mstgw.076.294
Lexmark	M5270 Firmware	< mstgw.076.294
Lexmark	Mx722 Firmware	< mxtgw.076.294
Lexmark	Mx822 Firmware	< mxtgw.076.294
Lexmark	Mx826 Firmware	< mxtgw.076.294
Lexmark	Xm5365 Firmware	< mxtgw.076.294
Lexmark	Xm7355 Firmware	< mxtgw.076.294
Lexmark	Xm7370 Firmware	< mxtgw.076.294

Showing 50 of 235 affected configurations. See NVD for the full list.

References

https://support.lexmark.com/alerts/Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-332/Third Party Advisory, VDB Entry
https://support.lexmark.com/alerts/Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-332/Third Party Advisory, VDB Entry

Timeline

Published: Jan 20, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-44734?

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

How severe is CVE-2021-44734?

CVE-2021-44734 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 6.43% probability of exploitation in the next 30 days.

How do I fix CVE-2021-44734?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-44734?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST