Vulnerabilities > Kyocera
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-13 | CVE-2023-25954 | Exposure of Resource to Wrong Sphere vulnerability in multiple products KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. | 5.5 |
| 2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
| 2022-12-05 | CVE-2022-41807 | Missing Authorization vulnerability in Kyocera products Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. | 6.5 |
| 2022-12-05 | CVE-2022-41830 | Cross-site Scripting vulnerability in Kyocera products Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. | 4.8 |
| 2022-04-04 | CVE-2022-1026 | Insufficiently Protected Credentials vulnerability in Kyocera NET Viewer Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | 5.0 |
| 2021-05-10 | CVE-2020-23575 | Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. | 5.0 |
| 2020-11-17 | CVE-2020-25890 | Cross-site Scripting vulnerability in Kyocera Ecosys M2640Idw Firmware The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". | 4.3 |
| 2020-03-13 | CVE-2019-13202 | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | 10.0 |
| 2020-03-13 | CVE-2019-13201 | Classic Buffer Overflow vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. | 10.0 |
| 2020-03-13 | CVE-2019-13200 | Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. | 4.3 |