Lexmark security bug leaves thousands of its printers open to attack

man-using-a-printer
(Image credit: Future)

Lexmark has urged its customers to update their printer’s firmware, following the publication of a proof-of-concept (PoC) exploit allowing remote code execution (RCE).

The exploit in question, designated CVE-2023-23560, can give attackers access to print job queues, reveal Wi-Fi network credentials, and allow access to other devices on a network.

Lexmark wrote in a security advisory that while it doesn’t believe the exploit is being widely used, more than 100 printer models are at risk of compromise while running pre-patch firmware.

TechRadar Pro needs you!

We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

 Lexmark firmware versions

Per BleepingComputer, firmware versions across all devices numbered 081.233 and below are vulnerable to RCE attacks, while fixed versions are numbered 081.234 or higher. Firmware versions released on or after January 18, 2022 are considered safe. 

To retrieve their current firmware version, Lexmark users can navigate to the “Device Information” section located on the ‘Menu Setting Page’ of the ‘Reports’ section of their device settings.

New firmware for affected printers can, as ever, be obtained from Lexmark’s driver download portal and, depending on the operating system of a user’s PC such as Windows or Linux, be installed either via USB or via network methods such as the File Transfer Protocol (FTP).

Those who, for whatever reason, can’t apply the firmware update are advised to disable the web services feature, blocking the exploit albeit at the expense of the device's internet-connected functionality.

To do this, users should navigate to the “Network/Ports” section of the settings menu, then the “TCP/IP” option, followed by the “TCP/IP Port Access” menu, before disabling “TCP 65002 (WSD Print Service)”.

Whether it’s a printer, a phone, a fridge, or anything else, devices capable of being connected to the internet can pose a risk to network security and the identities of users, and should be updated regularly.

Businesses and prosumers alike are advised to use separate, randomly generated passwords, stored in a password manager, across all their devices to decrease the chances of attackers using RCE exploits to invade a network. In addition, they could avoid a wireless printer altogether.

Luke Hughes
Staff Writer

 Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.