Vendor CVEs
Kyocera
All CVEs
31 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49367 | | High | 0.57 | 8.8 | 0.00 | | Sep 18, 2025 | An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. |
| CVE-2023-34259 | | | 0.07 | — | 0.58 | | Nov 3, 2023 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. |
| CVE-2022-1026 | | | 0.07 | — | 0.15 | | Apr 4, 2022 | Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. |
| CVE-2020-23575 | | | 0.07 | — | 0.37 | | May 10, 2021 | A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. |
| CVE-2019-25254 | | | 0.00 | — | 0.00 | | Dec 24, 2025 | KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with… |
| CVE-2019-25253 | | | 0.00 | — | 0.01 | | Dec 24, 2025 | KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve… |
| CVE-2023-50916 | | | 0.00 | — | 0.05 | | Jan 10, 2024 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change… |
| CVE-2023-34260 | | | 0.00 | — | 0.68 | | Nov 3, 2023 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. |
| CVE-2023-34261 | | | 0.00 | — | 0.07 | | Nov 3, 2023 | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. |
| CVE-2023-25954 | | | 0.00 | — | 0.00 | | Apr 13, 2023 | 'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may… |
| CVE-2022-41798 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows:… |
| CVE-2022-41807 | | | 0.00 | — | 0.00 | | Dec 5, 2022 | Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows:… |
| CVE-2022-41830 | | | 0.00 | — | 0.01 | | Dec 5, 2022 | Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa… |
| CVE-2020-25890 | | | 0.00 | — | 0.01 | | Nov 17, 2020 | The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition of a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web… |
| CVE-2019-13195 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. |
| CVE-2019-13196 | | | 0.00 | — | 0.02 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service… |
| CVE-2019-13197 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially… |
| CVE-2019-13198 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
| CVE-2019-13199 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. |
| CVE-2019-13200 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted… |
| CVE-2019-13201 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on… |
| CVE-2019-13202 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial… |
| CVE-2019-13203 | | | 0.00 | — | 0.02 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack,… |
| CVE-2019-13204 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the… |
| CVE-2019-13205 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected.… |
| CVE-2019-13206 | | | 0.00 | — | 0.02 | | Mar 13, 2020 | Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service… |
| CVE-2018-16656 | | | 0.00 | — | 0.02 | | May 14, 2019 | DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. |
| CVE-2012-5174 | | | 0.00 | — | 0.03 | | Nov 30, 2012 | The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format. |
| CVE-2008-4040 | | | 0.00 | — | 0.02 | | Sep 11, 2008 | Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
| CVE-2006-0788 | | | 0.00 | — | 0.02 | | Feb 19, 2006 | Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to TCP port 9100 or (2) the UNIX lp command. |
| CVE-2006-0789 | | | 0.00 | — | 0.04 | | Feb 19, 2006 | Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. |