Skip to Content Information Center
Lexmark B2236

Lexmark B2236

Lexmark Security Advisory: Wi-Fi Chip Driver Vulnerability (CVE-2019-14816)

Lexmark Security Advisory:

Revision: 1.2
Last update: 1 - February - 2021
Public Release Date: 3 - February - 2021

Summary

A vulnerability was found in the Wi-Fi chip driver used in Wi-Fi enabled Lexmark devices. Only devices with the Wi-Fi feature installed and connected to a Wi-Fi network are vulnerable.

References

CVE: CVE-2019-14816

Details

A vulnerability was found in the Linux kernel's Marvell Wi-Fi chip driver. The vulnerability can be exploited by an attacker on the same Wi-Fi physical network segment to cause a system crash resulting in a denial of service or potentially execution of arbitrary code.

CVSSv3 Base Score7.8(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Impact Subscore:5.9
Exploitability Subscore:1.8

CVSSv3 scores are calculated in accordance with CVSS version 3.1 (https://www.first.org/cvss/user-guide)

Impact

This vulnerability impacts devices with the Wi-Fi feature installed and connected to a Wi-Fi network. Successful exploitation of this vulnerability can lead to a system crash causing a denial of service or execution of arbitrary code.

Affected Products

To determine a device's firmware level, select the Settings > Reports > Menu Setting Page menu item from the operator panel.

If the firmware level listed under Device Information matches any level under Affected Releases, then upgrade to a Fixed Release.

Lexmark ModelsAffected ReleasesFixed Releases
B2236MSLSG.073.023 and previousMSLSG.073.225 and later
MS331, MS431MSLBD.073.023 and previousMSLBD.073.225 and later
M1241MSLBD.073.023 and previousMSLBD.073.225 and later
B3442, B3340MSLBD.073.023 and previousMSLBD.073.225 and later
MB2236MXLSG.073.023 and previousMXLSG.073.225 and later
MX431, MX331MXLBD.073.023 and previousMXLBD.073.225 and later
MB3442MXLBD.073.023 and previousMXLBD.073.225 and later
MS521MSNGM.073.023 and previousMSNGM.073.225 and later
MS621, MS622MSTGM.073.023 and previousMSTGM.073.225 and later
M1246, M3250MSTGM.073.023 and previousMSTGM.073.225 and later
B2546, B2650MSTGM.073.023 and previousMSTGM.073.225 and later
MX421, MX521, MX522, MX622MXTGM.073.023 and previousMXTGM.073.225 and later
XM1242, XM1246, XM3250MXTGM.073.023 and previousMXTGM.073.225 and later
MB2546, MB2650MXTGM.073.023 and previousMXTGM.073.225 and later
MX321MXNGM.073.023 and previousMXNGM.073.225 and later
MB2338MXNGM.073.023 and previousMXNGM.073.225 and later
MS725, MS821MSNGW.073.023 and previousMSNGW.073.225 and later
MS822, MS823, MS825, MS826MSTGW.073.023 and previousMSTGW.073.225 and later
M5255, M5270MSTGW.073.023 and previousMSTGW.073.225 and later
B2865MSTGW.073.023 and previousMSTGW.073.225 and later
MX721, MX722, MX822, MX826MXTGW.073.023 and previousMXTGW.073.225 and later
XM5365, XM7355, XM7370MXTGW.073.023 and previousMXTGW.073.225 and later
C3426CSLBN.073.023 and previousCSLBN.073.225 and later
CS431CSLBN.073.023 and previousCSLBN.073.225 and later
CS331CSLBL.073.023 and previousCSLBL.073.225 and later
C3224CSLBL.073.023 and previousCSLBL.073.225 and later
C3326CSLBL.073.023 and previousCSLBL.073.225 and later
MC3426CXLBN.073.023 and previousCXLBN.073.225 and later
CX431CXLBN.073.023 and previousCXLBN.073.225 and later
MC3326, MC3224CXLBL.073.023 and previousCXLBL.073.225 and later
CX331CXLBL.073.023 and previousCXLBL.073.225 and later
CS622CSTZJ.073.023 and previousCSTZJ.073.225 and later
C2240CSTZJ.073.023 and previousCSTZJ.073.225 and later
CS421, CS521CSNZJ.073.023 and previousCSNZJ.073.225 and later
C2535, C2325, C2425CSNZJ.073.023 and previousCSNZJ.073.225 and later
CX522, CX622, CX625CXTZJ.073.023 and previousCXTZJ.073.225 and later
XC2235, XC4240CXTZJ.073.023 and previousCXTZJ.073.225 and later
MC2535, MC2640CXTZJ.073.023 and previousCXTZJ.073.225 and later
CX421CXNZJ.073.023 and previousCXNZJ.073.225 and later
MC2325, MC2425CXNZJ.073.023 and previousCXNZJ.073.225 and later
CX820, CX825, CX860CXTPP.073.023 and previousCXTPP.073.225 and later
XC6152, XC8155, XC8160CXTPP.073.023 and previousCXTPP.073.225 and later
CS820CSTPP.073.023 and previousCSTPP.073.225 and later
C6160CSTPP.073.023 and previousCSTPP.073.225 and later
CS720, CS725CSTAT.073.023 and previousCSTAT.073.225 and later
C4150CSTAT.073.023 and previousCSTAT.073.225 and later
CX725CXTAT.073.023 and previousCXTAT.073.225 and later
XC4140, XC4150CXTAT.073.023 and previousCXTAT.073.225 and later
CS921, CS923CSTMH.073.023 and previousCSTMH.073.225 and later
CX921, CX922, CX923, CX924CXTMH.073.023 and previousCXTMH.073.225 and later
XC92xxCXTMH.073.023 and previousCXTMH.073.225 and later

Obtained Updated Software

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center at http://support.lexmark.com to find your local support center.

Workarounds

Lexmark recommends a firmware update if your device has affected firmware. If you can not update your firmware, you can also workaround this vulnerability by removing the wireless card from your printer or disabling wireless on your device.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.

Status of this Notice:

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND IS PROVIDED WITHOUT ANY EXPRESS OR IMPLIED GUARANTEE OR WARRANTY WHATSOEVER, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR USE OR PURPOSE. LEXMARK RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Distribution

This advisory is posted on Lexmark’s web site at http://support.lexmark.com/alerts

Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

RevisionDateReason
1.112 - October - 2020Initial Public Release
1.21 - February - 2021Additional Clarification of Scope

Top

LEGACY ID: TE942

Consideraţi acest articol util?
Top