MidnightBSD

Advisories for kyocera

CVE-2006-0788 MEDIUM

Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kyocera fs-3830n *
CVE-2006-0789 HIGH

Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kyocera fs-3830n *
CVE-2018-16656 MEDIUM

DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
kyocera taskalfa_4002i_firmware -
kyocera taskalfa_6002i_firmware -
CVE-2019-13195 MEDIUM

The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13196 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13197 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13198 MEDIUM

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13199 MEDIUM

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13200 MEDIUM

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13201 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13202 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13203 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13204 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13205 MEDIUM

All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-13206 HIGH

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
kyocera ecosys_m5526cdw_firmware 2r7_2000.001.701
CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
kyocera net_admin 3.4.0906
CVE-2019-25254

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
kyocera net_admin 3.4.0906
CVE-2019-6452 MEDIUM

Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
kyocera command_center_rx -
CVE-2020-23575 MEDIUM

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
kyocera d-copia253mf_plus_firmware -
CVE-2020-25890 MEDIUM

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kyocera ecosys_m2640idw_firmware -
CVE-2022-1026 MEDIUM

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@rapid7.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
kyocera net_viewer *
CVE-2022-41798

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Products Affected

Vendor Product Version
kyocera ls-3640mfp_firmware -
kyocera fs-c2126mfp_firmware -
kyocera ls-4200dn_firmware -
kyocera fs-c5250dn_firmware -
kyocera ecosys_p4040dn_firmware -
kyocera taskalfa_4550ci_firmware -
kyocera taskalfa_7550ci_firmware -
kyocera taskalfa_206ci_firmware -
kyocera ecosys_m2535dn_firmware -
kyocera fs-c2026mfp_firmware -
kyocera taskalfa_4500i_firmware -
kyocera ecosys_p6026cdn_firmware -
kyocera taskalfa_3050ci_firmware -
kyocera ls-1135mfp_firmware -
kyocera taskalfa_8000i_firmware -
kyocera ls-4300dn_firmware -
kyocera taskalfa_3500i_firmware -
kyocera ls-c8600dn_firmware -
kyocera taskalfa_256i_firmware -
kyocera ls-c8650dn_firmware -
kyocera taskalfa_256ci_firmware -
kyocera fs-1370dn_firmware -
kyocera taskalfa_5550ci_firmware -
kyocera taskalfa_255c_firmware -
kyocera taskalfa_205c_firmware -
kyocera fs-c2126mfp+_firmware -
kyocera taskalfa_5500i_firmware -
kyocera ls-2100dn_firmware -
kyocera taskalfa_306i_firmware -
kyocera ecosys_m6526cdn_firmware -
kyocera ecosys_m6526cidn_firmware -
kyocera taskalfa_3550ci_firmware -
kyocera ls-3140mfp_firmware -
kyocera ls-3140mfp+_firmware -
kyocera taskalfa_305_firmware -
kyocera taskalfa_6550ci_firmware -
kyocera taskalfa_255_firmware -
kyocera ls-1035mfp_firmware -
kyocera ecosys_p2135dn_firmware -
kyocera taskalfa_6500i_firmware -
CVE-2022-41807

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Products Affected

Vendor Product Version
kyocera ls-3640mfp_firmware -
kyocera fs-c2126mfp_firmware -
kyocera ls-4200dn_firmware -
kyocera fs-c5250dn_firmware -
kyocera ecosys_p4040dn_firmware -
kyocera taskalfa_4550ci_firmware -
kyocera taskalfa_7550ci_firmware -
kyocera taskalfa_206ci_firmware -
kyocera ecosys_m2535dn_firmware -
kyocera fs-c2026mfp_firmware -
kyocera taskalfa_4500i_firmware -
kyocera ecosys_p6026cdn_firmware -
kyocera taskalfa_3050ci_firmware -
kyocera ls-1135mfp_firmware -
kyocera taskalfa_8000i_firmware -
kyocera ls-4300dn_firmware -
kyocera taskalfa_3500i_firmware -
kyocera ls-c8600dn_firmware -
kyocera taskalfa_256i_firmware -
kyocera ls-c8650dn_firmware -
kyocera taskalfa_256ci_firmware -
kyocera fs-1370dn_firmware -
kyocera taskalfa_5550ci_firmware -
kyocera taskalfa_255c_firmware -
kyocera taskalfa_205c_firmware -
kyocera fs-c2126mfp+_firmware -
kyocera taskalfa_5500i_firmware -
kyocera ls-2100dn_firmware -
kyocera taskalfa_306i_firmware -
kyocera ecosys_m6526cdn_firmware -
kyocera ecosys_m6526cidn_firmware -
kyocera taskalfa_3550ci_firmware -
kyocera ls-3140mfp_firmware -
kyocera ls-3140mfp+_firmware -
kyocera taskalfa_305_firmware -
kyocera taskalfa_6550ci_firmware -
kyocera taskalfa_255_firmware -
kyocera ls-1035mfp_firmware -
kyocera ecosys_p2135dn_firmware -
kyocera taskalfa_6500i_firmware -
CVE-2022-41830

Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Products Affected

Vendor Product Version
kyocera ls-3640mfp_firmware -
kyocera fs-c2126mfp_firmware -
kyocera ls-4200dn_firmware -
kyocera fs-c5250dn_firmware -
kyocera ecosys_p4040dn_firmware -
kyocera taskalfa_4550ci_firmware -
kyocera taskalfa_7550ci_firmware -
kyocera taskalfa_206ci_firmware -
kyocera ecosys_m2535dn_firmware -
kyocera fs-c2026mfp_firmware -
kyocera taskalfa_4500i_firmware -
kyocera ecosys_p6026cdn_firmware -
kyocera taskalfa_3050ci_firmware -
kyocera ls-1135mfp_firmware -
kyocera taskalfa_8000i_firmware -
kyocera ls-4300dn_firmware -
kyocera taskalfa_3500i_firmware -
kyocera ls-c8600dn_firmware -
kyocera taskalfa_256i_firmware -
kyocera ls-c8650dn_firmware -
kyocera taskalfa_256ci_firmware -
kyocera fs-1370dn_firmware -
kyocera taskalfa_5550ci_firmware -
kyocera taskalfa_255c_firmware -
kyocera taskalfa_205c_firmware -
kyocera fs-c2126mfp+_firmware -
kyocera taskalfa_5500i_firmware -
kyocera ls-2100dn_firmware -
kyocera taskalfa_306i_firmware -
kyocera ecosys_m6526cdn_firmware -
kyocera ecosys_m6526cidn_firmware -
kyocera taskalfa_3550ci_firmware -
kyocera ls-3140mfp_firmware -
kyocera ls-3140mfp+_firmware -
kyocera taskalfa_305_firmware -
kyocera taskalfa_6550ci_firmware -
kyocera taskalfa_255_firmware -
kyocera ls-1035mfp_firmware -
kyocera ecosys_p2135dn_firmware -
kyocera taskalfa_6500i_firmware -
CVE-2022-50932

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
kyocera command_center_rx ecosys_m2035dn
CVE-2023-25954

KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.

Products Affected

Vendor Product Version
triumph-adler mobile_print *
kyocera mobile_print *
olivetti mobile_print *
CVE-2023-34259

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
kyocera d-copia253mf_plus_firmware *
CVE-2023-34260

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
kyocera d-copia253mf_plus_firmware *
CVE-2023-34261

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
kyocera d-copia253mf_plus_firmware *
CVE-2023-50916

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
kyocera device_manager *