CVE-2022-41807 is a missing authorization vulnerability identified in a broad range of Kyocera Document Solutions multifunction printers (MFPs) and printers. The flaw allows a network-adjacent attacker to alter device settings without any authentication by sending specially crafted requests to the affected devices. This vulnerability stems from improper access control (CWE-862), where the device fails to verify whether the requester is authorized to perform configuration changes. The affected products include numerous TASKalfa series models (e.g., 7550ci, 6550ci, 5550ci, 4550ci, 3550ci, 3050ci, 255c, 205c, 256ci, 206ci, 8000i, 6500i, 5500i, 4500i, 3500i, 305, 255, 306i, 256i), ECOSYS models (M6526cdn, M6526cidn, M2535dn, P6026cdn, P4040dn, P2135dn), FS series (C2126MFP, C2126MFP+, C2026MFP, C2026MFP+, C5250DN, 1370DN), and LS series (3140MFP, 3140MFP+, 3640MFP, 1135MFP, 1035MFP, C8650DN, C8600DN, 4300DN, 4200DN, 2100DN). The vulnerability has a CVSS v3.1 base score of 6.5 (medium severity), with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that exploitation requires network adjacency but no privileges or user interaction, and impacts integrity but not confidentiality or availability. No known exploits are reported in the wild as of the published date (December 2022). The vulnerability could allow attackers to modify device configurations, potentially disrupting printing workflows, redirecting print jobs, or enabling further attacks through misconfiguration. Since these devices are often connected within enterprise networks, the risk is significant in environments where network segmentation is weak or where these devices are exposed to untrusted networks.

For European organizations, this vulnerability poses a risk primarily to the integrity of printing and document management processes. Attackers could alter printer settings to intercept, redirect, or manipulate print jobs, potentially leading to leakage of sensitive information or disruption of business operations. In sectors such as government, finance, healthcare, and critical infrastructure, where document confidentiality and integrity are paramount, such unauthorized changes could facilitate espionage, fraud, or sabotage. Additionally, compromised printers could serve as footholds for lateral movement within corporate networks, increasing the risk of broader compromise. The impact is heightened in organizations with large deployments of Kyocera devices, especially if network segmentation and device access controls are insufficient. Given the medium severity and lack of confidentiality impact, the primary concern is operational disruption and integrity violations rather than direct data exfiltration. However, the ease of exploitation without authentication and user interaction increases the threat level in environments with exposed or poorly segmented printer networks.

1. Network Segmentation: Isolate Kyocera MFPs and printers on dedicated VLANs or network segments with strict access controls to limit network adjacency to trusted devices only. 2. Access Control Lists (ACLs): Implement ACLs on network devices to restrict access to printer management interfaces to authorized IP addresses or subnets. 3. Firmware Updates: Although no patch links are provided, organizations should regularly check Kyocera’s official security advisories and promptly apply any released firmware updates addressing this vulnerability. 4. Disable Unused Services: Turn off any unnecessary network services or protocols on the printers that could be exploited to send crafted requests. 5. Monitor Network Traffic: Deploy network monitoring and intrusion detection systems to identify anomalous requests targeting printer management interfaces. 6. Configuration Auditing: Regularly audit printer configurations to detect unauthorized changes and maintain baseline configurations. 7. Vendor Engagement: Engage with Kyocera support to obtain detailed guidance and inquire about planned patches or mitigations. 8. Incident Response Preparedness: Develop and test incident response plans specific to printer and MFP compromise scenarios to enable rapid containment and remediation. These measures go beyond generic advice by focusing on network-level controls, proactive monitoring, and operational readiness tailored to the nature of this vulnerability.