Vincenzo Nigro

**Name of the Vulnerable Software and Affected Versions** Kyocera d-COLOR MF3555 version 2XD S000.002.271 **Description** The Web Application is affected by Broken Access Control, which does not properly validate requests for access to data and functionality under the `/mngset/authset` path. This allows a potential attacker to view pages that are not allowed by not verifying permissions for access to resources. **Recommendations** For Kyocera d-COLOR MF3555 version 2XD S000.002.271, as a temporary workaround, consider restricting access to the `/mngset/authset` path until a patch is available. Avoid using this path in the Web Application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.