CVE-2022-1026

HIGH EXPLOITED NUCLEI

Kyocera Net Viewer - Insufficiently Protected Credentials

Title source: rule

Description

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

Exploits (5)

nomisec WORKING POC 18 stars

by ac3lives · remote

https://github.com/ac3lives/kyocera-cve-2022-1026

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by h4po0n · infoleak

https://github.com/h4po0n/kyocera-cve-2022-1026_SOAP1.1

View Code ZIP pw:eip

nomisec NO CODE 2 stars

by flamebarke · infoleak

https://github.com/flamebarke/nmap-printer-nse-scripts

View Code ZIP pw:eip

nomisec WORKING POC

by D4RKMATT3R · infoleak

https://github.com/D4RKMATT3R/KyoceraCredsDump

View Code ZIP pw:eip

nomisec WORKING POC

by r0lh · infoleak

https://github.com/r0lh/kygocera

View Code ZIP pw:eip

Nuclei Templates (1)

Kyocera Net View Address Book Exposure

HIGHby DhiyaneshDK

Shodan: product:"Kyocera Printer Panel"

References (2)

[Vendor Advisory] https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-04-04.html

[Exploit, Third Party Advisory] https://www.rapid7.com/blog/post/2022/03/29/cve-2022-1026-kyocera-net-view-address-book-exposure/

Scores

CVSS v3 8.6

EPSS 0.8678

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2024-06-08

CWE

CWE-522

Status published

Products (1)

kyocera/net_viewer < 2s0_1000.005.0012s5_2000.002.505

Published Apr 04, 2022

Tracked Since Feb 18, 2026