🛡️ CVE-2023-40239
🟠 CVSS 7.5 — High ✅ No Known Exploit CWE-611 NVD
7.5
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Details

Severity HIGH
CVSS Score 7.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE CWE-611
Public Exploit ✅ No
Source NVD
Published 2023-09-01
Updated 2026-06-08
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
c2132-firmware lw80.vy4.p245
cs310-firmware lw80.vyl.p245
cs317-firmware lw80.vyl.p245
cs410-firmware lw80.vy2.p245
cs417-firmware lw80.vy2.p245
cs510-firmware lw80.vy4.p245
cs517-firmware lw80.vy4.p245
cx310-firmware lw80.gm2.p245
cx317-firmware lw80.gm2.p245
cx410-firmware lw80.gm4.p245
cx417-firmware lw80.gm4.p245
cx510-firmware lw80.gm7.p245
cx517-firmware lw80.gm7.p245
m1140-firmware lw80.prl.p245
m1140\+-firmware lw80.pr2.p245
m1145-firmware lw80.pr2.p245
m3150de-firmware lw80.pr4.p245
m3150dn-firmware lw80.pr2.p245
m5155-firmware lw80.dn4.p245
m5163de-firmware lw80.dn4.p245
m5163dn-firmware lw80.dn2.p245
m5170-firmware lw80.dn7.p245
ms310-firmware lw80.prl.p245
ms312-firmware lw80.prl.p245
ms315-firmware lw80.tl2.p245
ms317-firmware lw80.prl.p245
ms410-firmware lw80.prl.p245
ms415-firmware lw80.tl2.p245
ms417-firmware lw80.tl2.p245
ms510-firmware lw80.pr2.p245
ms517-firmware lw80.pr2.p245
ms610de-firmware lw80.pr4.p245
ms610dn-firmware lw80.pr2.p245
ms617-firmware lw80.pr2.p245
ms710-firmware lw80.dn2.p245
ms711-firmware lw80.dn2.p245
ms810de-firmware lw80.dn4.p245
ms810dn-firmware lw80.dn2.p245
ms811-firmware lw80.dn2.p245
ms812de-firmware lw80.dn7.p245
ms812dn-firmware lw80.dn2.p245
ms817-firmware lw80.dn2.p245
ms818-firmware lw80.dn2.p245
ms911-firmware lw80.sa.p245
mx310-firmware lw80.sb2.p245
mx317-firmware lw80.sb2.p245
mx410-firmware lw80.sb4.p245
mx417-firmware lw80.sb4.p245
mx510-firmware lw80.sb4.p245
mx511-firmware lw80.sb4.p245
mx517-firmware lw80.sb4.p245
mx610-firmware lw80.sb7.p245
mx611-firmware lw80.sb7.p245
mx617-firmware lw80.sb7.p245
mx710-firmware lw80.tu.p245
mx711-firmware lw80.tu.p245
mx717-firmware lw80.tu.p245
mx718-firmware lw80.tu.p245
mx810-firmware lw80.tu.p245
mx811-firmware lw80.tu.p245
mx812-firmware lw80.tu.p245
mx910-firmware lw80.mg.p245
mx911-firmware lw80.mg.p245
mx912-firmware lw80.mg.p245
xc2130-firmware lw80.gm4.p245
xc2132-firmware lw80.gm7.p245
xm1135-firmware lw80.sb2.p245
xm1140-firmware lw80.sb4.p245
xm1145-firmware lw80.sb4.p245
xm3150-firmware lw80.sb7.p245
xm5163-firmware lw80.tu.p245
xm5170-firmware lw80.tu.p245
xm5263-firmware lw80.tu.p245
xm5270-firmware lw80.tu.p245
xm7155-firmware lw80.tu.p245
xm7163-firmware lw80.tu.p245
xm7170-firmware lw80.tu.p245
xm7263-firmware lw80.tu.p245
xm7270-firmware lw80.tu.p245
xm9145-firmware lw80.mg.p245
xm9155-firmware lw80.mg.p245
xm9165-firmware lw80.mg.p245

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.