CVE-2022-41807

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Description A missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2022-41807

Affected Products

Ecosys M2535Dn

Ecosys M6526Cdn

Ecosys P2135Dn

Ecosys P4040Dn

Ecosys P6026Cdn

Fs-1370Dn

Fs-C2026Mfp+

Fs-C2126Mfp+

Fs-C5250Dn

Ls-1035Mfp

Ls-1135Mfp

Ls-2100Dn

Ls-3140Mfp

Ls-3640Mfp

Ls-4200Dn

Ls-4300Dn

Ls-C8600Dn

Ls-C8650Dn

Taskalfa 205C

Taskalfa 206Ci

Taskalfa 255C

Taskalfa 256I

Taskalfa 305

Taskalfa 3050Ci

Taskalfa 306I

Taskalfa 3500I

Taskalfa 3550Ci

Taskalfa 4500I

Taskalfa 4550Ci

Taskalfa 5500I

Taskalfa 5550Ci

Taskalfa 6500I

Taskalfa 6550Ci

Taskalfa 7550Ci

Taskalfa 8000I

CVE-2022-41807

Weakness Enumeration

Related Identifiers

Affected Products

References · 6