CVE-2021-44737

Name: CVE-2021-44737
Creator: NVD / NIST
Published: 2022-01-20T17:15:17.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 1.44%

Last modified Jun 17, 2026

CVE-2021-44737 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.

Description

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.44%

69.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Lexmark	B2236 Firmware	< mslsg.076.294
Lexmark	Mb2236 Firmware	< mxlsg.076.294
Lexmark	Ms431 Firmware	< mslbd.076.294
Lexmark	Ms331 Firmware	< mslbd.076.294
Lexmark	M1342 Firmware	< mslbd.076.294
Lexmark	B3442 Firmware	< mslbd.076.294
Lexmark	B3340 Firmware	< mslbd.076.294
Lexmark	Xm1342 Firmware	< mslbd.076.294
Lexmark	Mx331 Firmware	< mxlbd.076.294
Lexmark	Mx431 Firmware	< mxlbd.076.294
Lexmark	Mb3442 Firmware	< mxlbd.076.294
Lexmark	Ms321 Firmware	< msngm.076.294
Lexmark	Ms421 Firmware	< msngm.076.294
Lexmark	Ms521 Firmware	< msngm.076.294
Lexmark	Ms621 Firmware	< msngm.076.294
Lexmark	M1242 Firmware	< msngm.076.294
Lexmark	M1246 Firmware	< msngm.076.294
Lexmark	B2338 Firmware	< msngm.076.294
Lexmark	B2442 Firmware	< msngm.076.294
Lexmark	B2546 Firmware	< msngm.076.294
Lexmark	B2650 Firmware	< msngm.076.294
Lexmark	Ms622 Firmware	< mstgm.076.294
Lexmark	M3250 Firmware	< mstgm.076.294
Lexmark	Mx321 Firmware	< mxngm.076.294
Lexmark	Mb2338 Firmware	< mxngm.076.294
Lexmark	Mx421 Firmware	< mxtgm.076.294
Lexmark	Mx521 Firmware	< mxtgm.076.294
Lexmark	Mx522 Firmware	< mxtgm.076.294
Lexmark	Mx622 Firmware	< mxtgm.076.294
Lexmark	Xm1242 Firmware	< mxtgm.076.294
Lexmark	Xm1246 Firmware	< mxtgm.076.294
Lexmark	Xm3250 Firmware	< mxtgm.076.294
Lexmark	Mb2442 Firmware	< mxtgm.076.294
Lexmark	Mb2546 Firmware	< mxtgm.076.294
Lexmark	Mb2650 Firmware	< mxtgm.076.294
Lexmark	Ms821 Firmware	< msngw.076.294
Lexmark	Ms823 Firmware	< msngw.076.294
Lexmark	Ms825 Firmware	< msngw.076.294
Lexmark	B2865 Firmware	< msngw.076.294
Lexmark	Ms725 Firmware	< msngw.076.294
Lexmark	Ms822 Firmware	< mstgw.076.294
Lexmark	Ms826 Firmware	< mstgw.076.294
Lexmark	M5255 Firmware	< mstgw.076.294
Lexmark	M5270 Firmware	< mstgw.076.294
Lexmark	Mx722 Firmware	< mxtgw.076.294
Lexmark	Mx822 Firmware	< mxtgw.076.294
Lexmark	Mx826 Firmware	< mxtgw.076.294
Lexmark	Xm5365 Firmware	< mxtgw.076.294
Lexmark	Xm7355 Firmware	< mxtgw.076.294
Lexmark	Xm7370 Firmware	< mxtgw.076.294

Showing 50 of 235 affected configurations. See NVD for the full list.

References

https://support.lexmark.com/alerts/Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-333/Third Party Advisory, VDB Entry
https://support.lexmark.com/alerts/Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-333/Third Party Advisory, VDB Entry

Timeline

Published: Jan 20, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-44737?

PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.

How severe is CVE-2021-44737?

CVE-2021-44737 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.

How do I fix CVE-2021-44737?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-44737?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST