CVE-2022-34887

Summary

Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

Affected Software

VendorProductVersion RangeStatus
LenovoPrinter GM265DN (production date June 2022 and before)< 01.00.20Naffected
LenovoPrinter GM265DN (production date July 2022 and later)< 01.17.00.03.00affected
LenovoPrinter GM266DNS< 02.06.00.04.00affected
LenovoPrinter G263DNS< 02.06.00.04.00affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References