CVE-2022-41807: Missing authorization in KYOCERA Document Solutions Inc. Kyocera Document Solutions MFPs and printers

Medium
Published: Mon Dec 05 2022 (12/05/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: KYOCERA Document Solutions Inc.
Product: Kyocera Document Solutions MFPs and printers

Description

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.
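To check an asset inventory against the list above, the slash shorthand has to be expanded into full model names first. The following is an added example, not part of the CVE record or any Kyocera tooling; the inventory rows and hostnames are constructed, and the vendor-prefix stripping is an assumption about how inventories label devices.

```python
import re

# Affected list as given in the advisory's Description field.
AFFECTED = (
    "TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, "
    "TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, "
    "FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, "
    "TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, "
    "LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, "
    "LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, "
    "LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, FS-1370DN"
)

def normalize(name):
    """Lower-case, drop a leading vendor name and separators; keep '+'."""
    name = re.sub(r"^\s*kyocera\s+", "", name, flags=re.IGNORECASE)
    return re.sub(r"[^a-z0-9+]", "", name.lower())

def expand(groups):
    """Expand 'SERIES a/b/c' shorthand into a set of normalized full names."""
    models = set()
    for group in groups.split(","):
        # Series prefix ends at the first space or hyphen ("TASKalfa ", "FS-").
        prefix, variants = re.match(r"\s*(\S+?[ -])(.+)", group).groups()
        for variant in variants.split("/"):
            models.add(normalize(prefix + variant))
    return models

def affected_hosts(inventory, models=None):
    """Return hostnames whose model is exactly one of the listed models."""
    models = models or expand(AFFECTED)
    # Exact match on purpose: substring matching would flag "2552ci" via "255".
    return [host for host, model in inventory if normalize(model) in models]

# Constructed sample inventory (hostnames and rows are illustrative).
INVENTORY = [
    ("prn-fin-01", "Kyocera TASKalfa 3050ci"),
    ("prn-hr-02", "KYOCERA ECOSYS M2535dn"),
    ("prn-lab-03", "TASKalfa 2552ci"),   # not on the advisory's list
    ("prn-ops-04", "fs-c2026mfp+"),
    ("prn-it-05", "ECOSYS P2040dn"),     # not on the advisory's list
]

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print("listed in CVE-2022-41807:", host)
```

Keeping the trailing "+" during normalization matters because the list names both base and "+" variants as separate models.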

AI-Powered Analysis

Last updated: 06/24/2025, 04:11:08 UTC

Technical Analysis

CVE-2022-41807 is a missing authorization vulnerability identified in a broad range of Kyocera Document Solutions multifunction printers (MFPs) and printers. The flaw allows a network-adjacent attacker to alter device settings without any authentication by sending specially crafted requests to the affected devices. It is a case of missing authorization (CWE-862): the device fails to verify whether the requester is authorized to perform configuration changes.

The affected products include numerous TASKalfa series models (e.g., 7550ci, 6550ci, 5550ci, 4550ci, 3550ci, 3050ci, 255c, 205c, 256ci, 206ci, 8000i, 6500i, 5500i, 4500i, 3500i, 305, 255, 306i, 256i), ECOSYS models (M6526cdn, M6526cidn, M2535dn, P6026cdn, P4040dn, P2135dn), FS series (C2126MFP, C2126MFP+, C2026MFP, C2026MFP+, C5250DN, 1370DN), and LS series (3140MFP, 3140MFP+, 3640MFP, 1135MFP, 1035MFP, C8650DN, C8600DN, 4300DN, 4200DN, 2100DN).

The vulnerability has a CVSS v3.1 base score of 6.5 (medium severity), with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that exploitation requires network adjacency but no privileges or user interaction, and impacts integrity but not confidentiality or availability. No known exploits are reported in the wild as of the published date (December 2022).

The vulnerability could allow attackers to modify device configurations, potentially disrupting printing workflows, redirecting print jobs, or enabling further attacks through misconfiguration. Since these devices are often connected within enterprise networks, the risk is significant in environments where network segmentation is weak or where these devices are exposed to untrusted networks.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to the integrity of printing and document management processes. Attackers could alter printer settings to intercept, redirect, or manipulate print jobs, potentially leading to leakage of sensitive information or disruption of business operations. In sectors such as government, finance, healthcare, and critical infrastructure, where document confidentiality and integrity are paramount, such unauthorized changes could facilitate espionage, fraud, or sabotage. Additionally, compromised printers could serve as footholds for lateral movement within corporate networks, increasing the risk of broader compromise. The impact is heightened in organizations with large deployments of Kyocera devices, especially if network segmentation and device access controls are insufficient. Given the medium severity and lack of confidentiality impact, the primary concern is operational disruption and integrity violations rather than direct data exfiltration. However, the ease of exploitation without authentication and user interaction increases the threat level in environments with exposed or poorly segmented printer networks.

Mitigation Recommendations

1. Network Segmentation: Isolate Kyocera MFPs and printers on dedicated VLANs or network segments with strict access controls to limit network adjacency to trusted devices only.
2. Access Control Lists (ACLs): Implement ACLs on network devices to restrict access to printer management interfaces to authorized IP addresses or subnets.
3. Firmware Updates: Although no patch links are provided, organizations should regularly check Kyocera's official security advisories and promptly apply any released firmware updates addressing this vulnerability.
4. Disable Unused Services: Turn off any unnecessary network services or protocols on the printers that could be exploited to send crafted requests.
5. Monitor Network Traffic: Deploy network monitoring and intrusion detection systems to identify anomalous requests targeting printer management interfaces.
6. Configuration Auditing: Regularly audit printer configurations to detect unauthorized changes and maintain baseline configurations.
7. Vendor Engagement: Engage with Kyocera support to obtain detailed guidance and inquire about planned patches or mitigations.
8. Incident Response Preparedness: Develop and test incident response plans specific to printer and MFP compromise scenarios to enable rapid containment and remediation.

These measures go beyond generic advice by focusing on network-level controls, proactive monitoring, and operational readiness tailored to the nature of this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2022-10-22T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9840c4522896dcbf1272

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 6/24/2025, 4:11:08 AM

Last updated: 7/29/2025, 11:49:53 PM
