Vulnerabilities > Kyocera > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-34259 | Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561 Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. | 4.9 |
| 2023-11-03 | CVE-2023-34261 | Unspecified vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561 Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. | 5.3 |
| 2023-04-13 | CVE-2023-25954 | Exposure of Resource to Wrong Sphere vulnerability in multiple products KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. | 5.5 |
| 2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
| 2022-12-05 | CVE-2022-41807 | Missing Authorization vulnerability in Kyocera products Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. | 6.5 |
| 2022-12-05 | CVE-2022-41830 | Cross-site Scripting vulnerability in Kyocera products Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. | 4.8 |
| 2020-11-17 | CVE-2020-25890 | Cross-site Scripting vulnerability in Kyocera Ecosys M2640Idw Firmware The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". | 6.1 |
| 2020-03-13 | CVE-2019-13200 | Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. | 6.1 |
| 2020-03-13 | CVE-2019-13199 | Cross-Site Request Forgery (CSRF) vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. | 6.5 |
| 2020-03-13 | CVE-2019-13198 | Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701 The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. | 6.1 |