Vulnerabilities > Kyocera > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-34259 Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges.
network
low complexity
kyocera CWE-22
4.9
2023-11-03 CVE-2023-34261 Unspecified vulnerability in Kyocera D-Copia253Mf Plus Firmware 2Vgs000.002.561
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.
network
low complexity
kyocera
5.3
2023-04-13 CVE-2023-25954 Exposure of Resource to Wrong Sphere vulnerability in multiple products
'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling.
local
low complexity
kyocera triumph-adler olivetti CWE-668
5.5
2022-12-05 CVE-2022-41798 Authentication Bypass by Spoofing vulnerability in Kyocera products
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information.
low complexity
kyocera CWE-290
6.5
2022-12-05 CVE-2022-41807 Missing Authorization vulnerability in Kyocera products
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request.
low complexity
kyocera CWE-862
6.5
2022-12-05 CVE-2022-41830 Cross-site Scripting vulnerability in Kyocera products
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script.
network
low complexity
kyocera CWE-79
4.8
2020-11-17 CVE-2020-25890 Cross-site Scripting vulnerability in Kyocera Ecosys M2640Idw Firmware
The web application of the Kyocera printer (ECOSYS M2640IDW) is affected by a Stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book".
network
low complexity
kyocera CWE-79
6.1
2020-03-13 CVE-2019-13200 Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS.
network
low complexity
kyocera CWE-79
6.1
2020-03-13 CVE-2019-13199 Cross-Site Request Forgery (CSRF) vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF.
network
low complexity
kyocera CWE-352
6.5
2020-03-13 CVE-2019-13198 Cross-site Scripting vulnerability in Kyocera Ecosys M5526Cdw Firmware 2R72000.001.701
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS.
network
low complexity
kyocera CWE-79
6.1