CVE-2008-7110

Kyocera Mita Scanner File Utility 3.3.0.1 - Path Traversal via Dot-Dot in Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7110. PoCs published by Seth Fogie.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in Kyocera Mita Scanner File Utility 3.3.0.1, allowing arbitrary file creation/overwrite. It includes a scanner to detect valid account IDs and passwords, and a payload delivery mechanism to upload files with arbitrary paths.

Description

Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Seth Fogie · pythonremotewindows

https://www.exploit-db.com/exploits/32301

View Code ZIP pw:eip

This exploit targets a directory traversal vulnerability in Kyocera Mita Scanner File Utility 3.3.0.1, allowing arbitrary file creation/overwrite. It includes a scanner to detect valid account IDs and passwords, and a payload delivery mechanism to upload files with arbitrary paths.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kyocera Mita Scanner File Utility 3.3.0.1

No auth needed

Prerequisites: Network access to TCP port 37100 · Target software installed and running

MITRE ATT&CK