CVE-2020-23575

HIGH EXPLOITED NUCLEI

Kyocera Printer d-COPIA253MF - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-23575 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Hakan Eren ŞAN. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Kyocera Printer d-COPIA253MF plus, allowing unauthorized access to sensitive files like /etc/passwd via a crafted HTTP GET request with nullbyte termination.

Description

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.

Exploits (1)

exploitdb WORKING POC
by Hakan Eren ŞAN · textwebappshardware
https://www.exploit-db.com/exploits/48561

This exploit demonstrates a directory traversal vulnerability in Kyocera Printer d-COPIA253MF plus, allowing unauthorized access to sensitive files like /etc/passwd via a crafted HTTP GET request with nullbyte termination.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Kyocera Printer d-COPIA253MF plus
No auth needed
Prerequisites: Network access to the vulnerable printer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Kyocera Printer d-COPIA253MF - Directory Traversal
HIGHby 0x_Akoko
Shodan: http.favicon.hash:-50306417
FOFA: icon_hash=-50306417

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/48561

Scores

CVSS v3 7.5
EPSS 0.3676
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-13
CWE
CWE-22
Status published
Products (1)
kyocera/d-copia253mf_plus_firmware
Published May 10, 2021
Tracked Since Feb 18, 2026