PT-2022-17225 · Kyocera · Kyocera D-Color Mf3555

Luca Carbone

Published

2022-04-20

Updated

2022-05-12

CVE-2022-25343

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Kyocera d-COLOR MF3555 version 2XD S000.002.271

Description The Web Application is affected by a Denial of Service issue. An unauthenticated attacker can send POST requests to the "/download/set.cgi" page by manipulating the failhtmfile variable, causing interruption of the service provided by the Web Application.

Recommendations For version 2XD S000.002.271, as a temporary workaround, consider restricting access to the "/download/set.cgi" page to minimize the risk of exploitation. Avoid using the failhtmfile variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-25343

Affected Products

Kyocera D-Color Mf3555

PT-2022-17225 · Kyocera · Kyocera D-Color Mf3555

CVE-2022-25343

Related Identifiers

Affected Products

References · 5