
CVE-2023-50916
https://notcve.org/view.php?id=CVE-2023-50916
10 Jan 2024 — Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to... • https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-34259 – Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial of Service
https://notcve.org/view.php?id=CVE-2023-34259
11 Jul 2023 — Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. • https://packetstorm.news/files/id/173397 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-34260 – Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial of Service
https://notcve.org/view.php?id=CVE-2023-34260
11 Jul 2023 — Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. Kyocera TASKalfa 4... • https://packetstorm.news/files/id/173397 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-34261 – Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial of Service
https://notcve.org/view.php?id=CVE-2023-34261
11 Jul 2023 — Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. Kyocera TASKalfa 4053ci versions 2VG_S000.002.561 and below suffers from... • https://packetstorm.news/files/id/173397 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2023-25954
https://notcve.org/view.php?id=CVE-2023-25954
13 Apr 2023 — 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. • https://jvn.jp/en/vu/JVNVU98434809 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2022-41798
https://notcve.org/view.php?id=CVE-2022-41798
05 Dec 2022 — Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255,... • https://jvn.jp/en/jp/JVN46345126/index.html • CWE-290: Authentication Bypass by Spoofing •

CVE-2022-41807
https://notcve.org/view.php?id=CVE-2022-41807
05 Dec 2022 — Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255,... • https://jvn.jp/en/jp/JVN46345126/index.html • CWE-862: Missing Authorization •

CVE-2022-41830
https://notcve.org/view.php?id=CVE-2022-41830
05 Dec 2022 — Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP... • https://jvn.jp/en/jp/JVN46345126/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-1026 – Kyocera Net View Address Book Exposure
https://notcve.org/view.php?id=CVE-2022-1026
04 Apr 2022 — Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. • https://github.com/ac3lives/kyocera-cve-2022-1026 • CWE-522: Insufficiently Protected Credentials •

CVE-2020-23575
https://notcve.org/view.php?id=CVE-2020-23575
10 May 2021 — A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. • https://www.exploit-db.com/exploits/48561 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •