VYPR

Vendor CVEs

Kyocera

All CVEs

31 total · sorted by risk
  • CVE-2023-49367HigSep 18, 2025
    risk 0.57cvss 8.8epss 0.00

    An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.

  • CVE-2023-34259Nov 3, 2023
    risk 0.07cvss epss 0.58

    Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.

  • CVE-2022-1026Apr 4, 2022
    risk 0.07cvss epss 0.15

    Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

  • CVE-2020-23575May 10, 2021
    risk 0.07cvss epss 0.37

    A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.

  • CVE-2019-25254Dec 24, 2025
    risk 0.00cvss epss 0.00

    KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with…

  • CVE-2019-25253Dec 24, 2025
    risk 0.00cvss epss 0.01

    KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve…

  • CVE-2023-50916Jan 10, 2024
    risk 0.00cvss epss 0.05

    Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change…

  • CVE-2023-34260Nov 3, 2023
    risk 0.00cvss epss 0.68

    Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.

  • CVE-2023-34261Nov 3, 2023
    risk 0.00cvss epss 0.07

    Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error.

  • CVE-2023-25954Apr 13, 2023
    risk 0.00cvss epss 0.00

    KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may…

  • CVE-2022-41798Dec 5, 2022
    risk 0.00cvss epss 0.01

    Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows:…

  • CVE-2022-41807Dec 5, 2022
    risk 0.00cvss epss 0.00

    Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows:…

  • CVE-2022-41830Dec 5, 2022
    risk 0.00cvss epss 0.01

    Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa…

  • CVE-2020-25890Nov 17, 2020
    risk 0.00cvss epss 0.01

    The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web…

  • CVE-2019-13195Mar 13, 2020
    risk 0.00cvss epss 0.03

    The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system.

  • CVE-2019-13196Mar 13, 2020
    risk 0.00cvss epss 0.02

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service…

  • CVE-2019-13197Mar 13, 2020
    risk 0.00cvss epss 0.03

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially…

  • CVE-2019-13198Mar 13, 2020
    risk 0.00cvss epss 0.01

    The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.

  • CVE-2019-13199Mar 13, 2020
    risk 0.00cvss epss 0.01

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

  • CVE-2019-13200Mar 13, 2020
    risk 0.00cvss epss 0.01

    The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted…

  • CVE-2019-13201Mar 13, 2020
    risk 0.00cvss epss 0.03

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on…

  • CVE-2019-13202Mar 13, 2020
    risk 0.00cvss epss 0.03

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial…

  • CVE-2019-13203Mar 13, 2020
    risk 0.00cvss epss 0.02

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack,…

  • CVE-2019-13204Mar 13, 2020
    risk 0.00cvss epss 0.03

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the…

  • CVE-2019-13205Mar 13, 2020
    risk 0.00cvss epss 0.01

    All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected.…

  • CVE-2019-13206Mar 13, 2020
    risk 0.00cvss epss 0.02

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service…

  • CVE-2018-16656May 14, 2019
    risk 0.00cvss epss 0.02

    DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request.

  • CVE-2012-5174Nov 30, 2012
    risk 0.00cvss epss 0.03

    The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format.

  • CVE-2008-4040Sep 11, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2006-0788Feb 19, 2006
    risk 0.00cvss epss 0.02

    Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.

  • CVE-2006-0789Feb 19, 2006
    risk 0.00cvss epss 0.04

    Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.