CVE-2023-22960
This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.
Table of Contents
Loading contents...
README.md
PoC for CVE-2023-22960
Details
PoC for CVE-2023-22960 that I discovered. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server interface of all Lexmark printer models that have a firmware version released before 01/2023. This issue affects both username-password and PIN authentication.
Official security advisory -> https://publications.lexmark.com/publications/security-alerts/CVE-2023-22960.pdf
PoC tested against:
- Lexmark MX622adhe
- Lexmark CX735adse
- Lexmark MX521ade
Video Presentation
In this video I demonstrate the issue as well as how to write an http(s) login bruteforce script with Python.
https://www.youtube.com/watch?v=HuAqTScr_3s
Preview
Without the brute-force prevention bypass:
Applying the brute-force prevention bypass:
Tool Information
Author
t3l3machus
Project Added On
July 05, 2025
License
Open Source
Tags
Related Tools
CVE-2017-0199
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Stable
CVE-2017-8759
Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Stable