CVE-2022-50932

HIGH

Kyocera Command Center RX ECOSYS M2035dn - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50932. PoCs published by Luis Martínez.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated directory traversal vulnerability in Kyocera Command Center RX ECOSYS M2035dn, allowing arbitrary file disclosure via crafted HTTP requests with nullbyte termination.

Description

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.

Exploits (1)

exploitdb WORKING POC
by Luis Martínez · textwebappshardware
https://www.exploit-db.com/exploits/50738

This exploit demonstrates an unauthenticated directory traversal vulnerability in Kyocera Command Center RX ECOSYS M2035dn, allowing arbitrary file disclosure via crafted HTTP requests with nullbyte termination.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Kyocera Command Center RX ECOSYS M2035dn
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0353
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
kyocera/command_center_rx ecosys_m2035dn
Published Jan 13, 2026
Tracked Since Feb 18, 2026