CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13205
https://notcve.org/view.php?id=CVE-2019-13205
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. Todos los parámetros de configuración de determinadas impresoras Kyocera (tal y como la ECOSYS M5526cdw versión 2R7_2000.001.701), fueron accesibles para usuarios no autenticados. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13206
https://notcve.org/view.php?id=CVE-2019-13206
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. Algunas impresoras Kyocera (tal y como la ECOSYS M5526cdw versión 2R7_2000.001.701), fueron afectadas por una vulnerabilidad de desbordamiento de búfer en múltiples parámetros de la funcionalidad Document Boxes de la aplicación web que permitiría a un atacante autenticado llevar a cabo un ataque de Denegación de Servicio, bloquear el dispositivo o ejecutar potencialmente un código arbitrario en el dispositivo. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •