Vulnerabilities > CVE-2022-41807 - Missing Authorization vulnerability in Kyocera products

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

kyocera

CWE-862

NVD

Published: 2022-12-05

Updated: 2022-12-06

Summary

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Vulnerable Configurations

Part	Description	Count
OS	Kyocera Kyocera Taskalfa 7550Ci Firmware - Kyocera Taskalfa 6550Ci Firmware - Kyocera Taskalfa 5550Ci Firmware - Kyocera Taskalfa 4550Ci Firmware - Kyocera Taskalfa 3550Ci Firmware - Kyocera Taskalfa 3050Ci Firmware - Kyocera Taskalfa 255C Firmware - Kyocera Taskalfa 205C Firmware - Kyocera Taskalfa 256Ci Firmware - Kyocera Taskalfa 206Ci Firmware - Kyocera Ecosys M6526Cdn Firmware - Kyocera Ecosys M6526Cidn Firmware - Kyocera FS C2126Mfp Firmware - Kyocera FS C2126Mfp+ Firmware - Kyocera FS C2026Mfp Firmware - Kyocera Taskalfa 8000I Firmware - Kyocera Taskalfa 6500I Firmware - Kyocera Taskalfa 5500I Firmware - Kyocera Taskalfa 4500I Firmware - Kyocera Taskalfa 3500I Firmware - Kyocera Taskalfa 305 Firmware - Kyocera Taskalfa 255 Firmware - Kyocera Taskalfa 306I Firmware - Kyocera Taskalfa 256I Firmware - Kyocera LS 3140Mfp Firmware - Kyocera LS 3140Mfp+ Firmware - Kyocera LS 3640Mfp Firmware - Kyocera Ecosys M2535Dn Firmware - Kyocera LS 1135Mfp Firmware - Kyocera LS 1035Mfp Firmware - Kyocera LS C8650Dn Firmware - Kyocera LS C8600Dn Firmware - Kyocera Ecosys P6026Cdn Firmware - Kyocera FS C5250Dn Firmware - Kyocera LS 4300Dn Firmware - Kyocera LS 4200Dn Firmware - Kyocera LS 2100Dn Firmware - Kyocera Ecosys P4040Dn Firmware - Kyocera Ecosys P2135Dn Firmware - Kyocera FS 1370Dn Firmware -	40
Hardware	Kyocera Kyocera Taskalfa 7550Ci - Kyocera Taskalfa 6550Ci - Kyocera Taskalfa 5550Ci - Kyocera Taskalfa 4550Ci - Kyocera Taskalfa 3550Ci - Kyocera Taskalfa 3050Ci - Kyocera Taskalfa 255C - Kyocera Taskalfa 205C - Kyocera Taskalfa 256Ci - Kyocera Taskalfa 206Ci - Kyocera Ecosys M6526Cdn - Kyocera Ecosys M6526Cidn - Kyocera FS C2126Mfp - Kyocera FS C2126Mfp+ - Kyocera FS C2026Mfp - Kyocera Taskalfa 8000I - Kyocera Taskalfa 6500I - Kyocera Taskalfa 5500I - Kyocera Taskalfa 4500I - Kyocera Taskalfa 3500I - Kyocera Taskalfa 305 - Kyocera Taskalfa 255 - Kyocera Taskalfa 306I - Kyocera Taskalfa 256I - Kyocera LS 3140Mfp - Kyocera LS 3140Mfp+ - Kyocera LS 3640Mfp - Kyocera Ecosys M2535Dn - Kyocera LS 1135Mfp - Kyocera LS 1035Mfp - Kyocera LS C8650Dn - Kyocera LS C8600Dn - Kyocera Ecosys P6026Cdn - Kyocera FS C5250Dn - Kyocera LS 4300Dn - Kyocera LS 4200Dn - Kyocera LS 2100Dn - Kyocera Ecosys P4040Dn - Kyocera Ecosys P2135Dn - Kyocera FS 1370Dn -	40

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References