CVE-2023-49367 PoC — Kyocera Command Center RX EXOSYS M5521cdn 安全漏洞

Source

https://github.com/barisbaydur/CVE-2023-49367

Associated Vulnerability

Title:Kyocera Command Center RX EXOSYS M5521cdn 安全漏洞 (CVE-2023-49367)
Description:Kyocera Command Center RX EXOSYS M5521cdn是美国Kyocera公司的一款彩色多功能打印机。 Kyocera Command Center RX EXOSYS M5521cdn存在安全漏洞，该漏洞源于用户界面问题，可能导致远程攻击者通过检查用户发送的数据包获取敏感信息。

Description

Information Disclosure in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to access user information via inspecting sent packages by user.

Readme

# CVE-2023-49367 - Sensetive Data Exposure
Sensetive Data Exposure in Kyocera Printer Web Panel<br/>
Vendor: Kyocera Corporation<br/>
Affected Versions: Command Center RX - EXOSYS M5521cdn

# Description
After connecting to the Kyocera interface address book, test requests for smb and ftp can be seen in the sent packets. These requests contain plaintext passwords, and when examined, these plaintext passwords can be intercepted.

# POC
- Go to **Address Book* Page
- Click to any **Saved User**
- Press the test button for content with entered data
- Review incoming and outgoing requests and view plaintext password data

File Snapshot


 [4.0K]  /data/pocs/8ad574e5faf58940b1fdf43999c669d1021b0655
└── [ 625]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!