CVE-2022-1026

HIGH EXPLOITED NUCLEI

Kyocera Net Viewer < 2s0_1000.005.0012s5_2000.002.505 - Unprotected User Data Exposure via Address Book Export

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-1026 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including ac3lives, h4po0n, flamebarke. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages an unauthenticated SOAP API vulnerability in Kyocera printers to extract cleartext credentials from the address book. It sends crafted SOAP requests to create and retrieve an address book object, exposing sensitive data like SMB, FTP, and domain credentials.

Description

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

Exploits (5)

nomisec WORKING POC 18 stars
by ac3lives · remote
https://github.com/ac3lives/kyocera-cve-2022-1026

This exploit leverages an unauthenticated SOAP API vulnerability in Kyocera printers to extract cleartext credentials from the address book. It sends crafted SOAP requests to create and retrieve an address book object, exposing sensitive data like SMB, FTP, and domain credentials.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Kyocera printers (e.g., ECOSYS M2640idw, TASKalfa 406ci)
No auth needed
Prerequisites: Network access to the printer's SOAP API on port 9091/TCP
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by h4po0n · infoleak
https://github.com/h4po0n/kyocera-cve-2022-1026_SOAP1.1

This repository contains a functional PoC for CVE-2022-1026, targeting Kyocera printers with SOAP 1.1 support. It retrieves credentials and address book data by exploiting an information disclosure vulnerability in the SOAP service.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Kyocera printers (legacy models with SOAP 1.1)
No auth needed
Prerequisites: Network access to the Kyocera printer's SOAP service (port 9091) · SOAP 1.1 support on the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by D4RKMATT3R · infoleak
https://github.com/D4RKMATT3R/KyoceraCredsDump

This repository contains a functional exploit for CVE-2022-1026, targeting Kyocera printers to extract sensitive credentials (email, SMB, FTP) from the address book unauthenticated via SOAP API calls. The script supports multi-target scanning, concurrent execution, and configurable output.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Kyocera printers (multiple models, unauthenticated SOAP API)
No auth needed
Prerequisites: network access to target printer · SOAP API exposed on port 443 or custom port
devstral-2 · analyzed Apr 23, 2026 Full analysis →
nomisec WORKING POC
by r0lh · infoleak
https://github.com/r0lh/kygocera

This is a Golang-based PoC for CVE-2022-1026, which exploits an address book exposure vulnerability in Kyocera Net View. It checks for vulnerable targets and retrieves sensitive address book data via SOAP requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Kyocera Net View (specific version not specified)
No auth needed
Prerequisites: Network access to the target device · SOAP endpoint exposed on port 9091 (default)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Kyocera Net View Address Book Exposure
HIGHby DhiyaneshDK
Shodan: product:"Kyocera Printer Panel"

References (2)

Core 2

Scores

CVSS v3 8.6
EPSS 0.1445
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2024-06-08
CWE
CWE-522
Status published
Products (1)
kyocera/net_viewer < 2s0_1000.005.0012s5_2000.002.505
Published Apr 04, 2022
Tracked Since Feb 18, 2026