Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection
Vulnerability Description
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
KYOCERA Net Admin 安全漏洞
Vulnerability Description
KYOCERA Net Admin是美国KYOCERA公司的一个企业级设备管理平台。 KYOCERA Net Admin 3.4.0906版本存在安全漏洞,该漏洞源于Multi-Set Template Editor对XML文件处理不当,可能导致XML外部实体注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A