Jeff Popio

**Name of the Vulnerable Software and Affected Versions** Lexmark X94x versions before LC.BR.P142 Lexmark X85x versions through LC4.BE.P487 Lexmark X644 and X646 versions before LC2.MC.P374 Lexmark X642 versions through LC2.MB.P318 Lexmark W840 versions through LS.HA.P252 Lexmark T64x versions before LS.ST.P344 Lexmark X64xef versions through LC2.TI.P325 Lexmark C935dn versions through LC.JO.P091 Lexmark C920 versions through LS.TA.P152 Lexmark C78x versions through LC.IO.P187 Lexmark X78x versions through LC2.IO.P335 Lexmark C77x versions through LC.CM.P052 Lexmark X772 versions through LC2.TR.P291 Lexmark C53x versions through LS.SW.P069 Lexmark C52x versions through LS.FA.P150 Lexmark 25xxN versions through LCL.CU.P114 Lexmark N4000 versions through LC.MD.P119 Lexmark N4050e versions through GO.GO.N206 Lexmark N70xxe versions through LC.CO.N309 Lexmark E450 versions through LM.SZ.P124 Lexmark E350 versions through LE.PH.P129 Lexmark E250 versions through LE.PM.P126 **Description** The issue allows remote attackers to remove the Password Protect administrative password via the `vac.255.GENPASSWORD` parameter in the "cgi-bin/postpf/cgi-bin/dynamic/config/config.html" endpoint. **Recommendations** For Lexmark X94x versions before LC.BR.P142, update to a version LC.BR.P142 or later. For Lexmark X85x versions through LC4.BE.P487, update to a version after LC4.BE.P487. For Lexmark X644 and X646 versions before LC2.MC.P374, update to a version LC2.MC.P374 or later. For Lexmark X642 versions through LC2.MB.P318, update to a version after LC2.MB.P318. For Lexmark W840 versions through LS.HA.P252, update to a version after LS.HA.P252. For Lexmark T64x versions before LS.ST.P344, update to a version LS.ST.P344 or later. For Lexmark X64xef versions through LC2.TI.P325, update to a version after LC2.TI.P325. For Lexmark C935dn versions through LC.JO.P091, update to a version after LC.JO.P091. For Lexmark C920 versions through LS.TA.P152, update to a version after LS.TA.P152. For Lexmark C78x versions through LC.IO.P187, update to a version after LC.IO.P187. For Lexmark X78x versions through LC2.IO.P335, update to a version after LC2.IO.P335. For Lexmark C77x versions through LC.CM.P052, update to a version after LC.CM.P052. For Lexmark X772 versions through LC2.TR.P291, update to a version after LC2.TR.P291. For Lexmark C53x versions through LS.SW.P069, update to a version after LS.SW.P069. For Lexmark C52x versions through LS.FA.P150, update to a version after LS.FA.P150. For Lexmark 25xxN versions through LCL.CU.P114, update to a version after LCL.CU.P114. For Lexmark N4000 versions through LC.MD.P119, update to a version after LC.MD.P119. For Lexmark N4050e versions through GO.GO.N206, update to a version after GO.GO.N206. For Lexmark N70xxe versions through LC.CO.N309, update to a version after LC.CO.N309. For Lexmark E450 versions through LM.SZ.P124, update to a version after LM.SZ.P124. For Lexmark E350 versions through LE.PH.P129, update to a version after LE.PH.P129. For Lexmark E250 versions through LE.PM.P126, update to a version after LE.PM.P126.