CVE-2022-41807

MEDIUM
Published Dec 5, 20223y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Dec 5, 2022 3y ago
Last Modified Jun 17, 2026 2w ago

Description

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 80

VendorProductVersionRange
kyocerataskalfa_7550ci_firmware*any
kyocerataskalfa_7550ci*any
kyocerataskalfa_6550ci_firmware*any
kyocerataskalfa_6550ci*any
kyocerataskalfa_5550ci_firmware*any
kyocerataskalfa_5550ci*any
kyocerataskalfa_4550ci_firmware*any
kyocerataskalfa_4550ci*any
kyocerataskalfa_3550ci_firmware*any
kyocerataskalfa_3550ci*any
kyocerataskalfa_3050ci_firmware*any
kyocerataskalfa_3050ci*any
kyocerataskalfa_255c_firmware*any
kyocerataskalfa_255c*any
kyocerataskalfa_205c_firmware*any
kyocerataskalfa_205c*any
kyocerataskalfa_256ci_firmware*any
kyocerataskalfa_256ci*any
kyocerataskalfa_206ci_firmware*any
kyocerataskalfa_206ci*any
kyoceraecosys_m6526cdn_firmware*any
kyoceraecosys_m6526cdn*any
kyoceraecosys_m6526cidn_firmware*any
kyoceraecosys_m6526cidn*any
kyocerafs-c2126mfp_firmware*any
kyocerafs-c2126mfp*any
kyocerafs-c2126mfp\+_firmware*any
kyocerafs-c2126mfp\+*any
kyocerafs-c2026mfp_firmware*any
kyocerafs-c2026mfp*any
kyocerataskalfa_8000i_firmware*any
kyocerataskalfa_8000i*any
kyocerataskalfa_6500i_firmware*any
kyocerataskalfa_6500i*any
kyocerataskalfa_5500i_firmware*any
kyocerataskalfa_5500i*any
kyocerataskalfa_4500i_firmware*any
kyocerataskalfa_4500i*any
kyocerataskalfa_3500i_firmware*any
kyocerataskalfa_3500i*any
kyocerataskalfa_305_firmware*any
kyocerataskalfa_305*any
kyocerataskalfa_255_firmware*any
kyocerataskalfa_255*any
kyocerataskalfa_306i_firmware*any
kyocerataskalfa_306i*any
kyocerataskalfa_256i_firmware*any
kyocerataskalfa_256i*any
kyocerals-3140mfp_firmware*any
kyocerals-3140mfp*any
kyocerals-3140mfp\+_firmware*any
kyocerals-3140mfp\+*any
kyocerals-3640mfp_firmware*any
kyocerals-3640mfp*any
kyoceraecosys_m2535dn_firmware*any
kyoceraecosys_m2535dn*any
kyocerals-1135mfp_firmware*any
kyocerals-1135mfp*any
kyocerals-1035mfp_firmware*any
kyocerals-1035mfp*any
kyocerals-c8650dn_firmware*any
kyocerals-c8650dn*any
kyocerals-c8600dn_firmware*any
kyocerals-c8600dn*any
kyoceraecosys_p6026cdn_firmware*any
kyoceraecosys_p6026cdn*any
kyocerafs-c5250dn_firmware*any
kyocerafs-c5250dn*any
kyocerals-4300dn_firmware*any
kyocerals-4300dn*any
kyocerals-4200dn_firmware*any
kyocerals-4200dn*any
kyocerals-2100dn_firmware*any
kyocerals-2100dn*any
kyoceraecosys_p4040dn_firmware*any
kyoceraecosys_p4040dn*any
kyoceraecosys_p2135dn_firmware*any
kyoceraecosys_p2135dn*any
kyocerafs-1370dn_firmware*any
kyocerafs-1370dn*any

References 3

  • jvn.jp https://jvn.jp/en/jp/JVN46345126/index.html
    Vendor Advisory
  • kyoceradocumentsolutions.co.jp https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html
    MitigationVendor Advisory
  • kyoceradocumentsolutions.com https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.