Vulnerabilities > Kyocera

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-50916 Path Traversal vulnerability in Kyocera Device Manager
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path.
network
low complexity
kyocera CWE-22
7.2
2023-11-03 CVE-2023-34259 Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges.
network
low complexity
kyocera CWE-22
4.9
2023-11-03 CVE-2023-34260 Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.
network
low complexity
kyocera CWE-22
7.5
2023-11-03 CVE-2023-34261 Unspecified vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.
network
low complexity
kyocera
5.3
2023-04-13 CVE-2023-25954 Exposure of Resource to Wrong Sphere vulnerability in multiple products
KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling.
local
low complexity
kyocera triumph-adler olivetti CWE-668
5.5
2022-12-05 CVE-2022-41798 Authentication Bypass by Spoofing vulnerability in Kyocera products
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information.
low complexity
kyocera CWE-290
6.5
2022-12-05 CVE-2022-41807 Missing Authorization vulnerability in Kyocera products
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request.
low complexity
kyocera CWE-862
6.5
2022-12-05 CVE-2022-41830 Cross-site Scripting vulnerability in Kyocera products
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script.
network
low complexity
kyocera CWE-79
4.8
2022-04-04 CVE-2022-1026 Insufficiently Protected Credentials vulnerability in Kyocera NET Viewer 2S01000.005.0012S52000.002.505
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
network
low complexity
kyocera CWE-522
8.6
2021-05-10 CVE-2020-23575 Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus.
network
low complexity
kyocera CWE-22
7.5