34 matches found
CVE-2023-34260
Kyocera TASKalfa 4053ci printers (firmware 2VG_S000.002.561 and earlier) are affected by a path traversal/DoS vulnerability (CVE-2023-34260) in the Kyocera Command Center RX context, enabling read attempts of /etc via the endpoint path wlmdeu/../../.. followed by a /etc reference. The issue is co...
CVE-2023-34261
Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error...
CVE-2023-34259
Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575...
CVE-2023-34259
Kyocera TASKalfa 4053ci printers (versions up to 2VG_S000.002.561) are affected by CVE-2023-34259 due to a path traversal vulnerability that reads arbitrary filesystem files, including root‑level data. The issue stems from an incomplete fix for CVE-2020-23575 and manifests in a vulnerable endpoin...
PT-2023-24783 · Kyocera · Kyocera Taskalfa 4053Ci
Name of the Vulnerable Software and Affected Versions: Kyocera TASKalfa 4053ci printers versions 2VG S000.002.561 and earlier Description: The issue allows a denial of service service outage via the "/wlmdeu%2f%2e%2e%2f%2e%2e" endpoint followed by a directory reference such as "%2fetc%00index.htm...
PT-2023-24781
Name of the Vulnerable Software and Affected Versions Kyocera TASKalfa 4053ci printers versions 2VG S000.002.561 and earlier Description The issue allows directory traversal to read arbitrary files on the filesystem, even files that require root privileges, via the /wlmdeu%2f%2e%2e%2f%2e%2e...
PT-2023-24784 · Kyocera · Kyocera Taskalfa 4053Ci
Name of the Vulnerable Software and Affected Versions: Kyocera TASKalfa 4053ci printers through 2VG S000.002.561 Description: The issue allows identification of valid user accounts via username enumeration. This occurs because the system returns a "nicht einloggen" error rather than a "falsch"...
CVE-2022-41830
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci,...
CVE-2022-41798
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
Code injection
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
CVE-2022-41807
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
Unauthorized Access Vulnerability in Kyocera Corporation's TASKalfa 2552ci
TASKalfa 2552ci is a printer from Kyocera Corporation. An unauthorized access vulnerability exists in the Kyocera Corporation TASKalfa 2552ci, which can be exploited by attackers to obtain sensitive information...
Design/Logic Flaw
DoBoxCstmBoxInfo.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request...
CVE-2018-16656
CVE-2018-16656 affects Kyocera TASKalfa 4002i and 6002i devices, where the DoBox_CstmBox_Info.model.htm component can be manipulated via HTTP to read other users’ documents. The available connected data identify the affected models and the root cause as improper handling of a modified HTTP reques...