CVE-2022-34886

Summary

A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.

Affected Software

VendorProductVersion RangeStatus
LenovoPrinter GM265DN (production date June 2022 and before)< 01.00.20Naffected
LenovoPrinter GM265DN (production date July 2022 and later)< 01.17.00.03.00affected
LenovoPrinter GM266DNS< 02.06.00.04.00affected
LenovoPrinter G263DNS< 02.06.00.04.00affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References