CVE-2022-34886

moderate-risk
Published 2023-10-27

A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.

Do I need to act?

~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (3)

Gm265Dn Firmware
Gm266Dns Firmware
G263Dns Firmware

Affected Vendors

Lenovo

References (2)

Patch https://iknow.lenovo.com.cn/detail/205041.html
Patch https://iknow.lenovo.com.cn/detail/205041.html
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 9/34 · Low