CVE-2023-49367

HIGH

Kyocera Command Center RX EXOSYS M5521cdn - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49367. PoCs published by barisbaydur.

AI-analyzed exploit summary The repository describes a sensitive data exposure vulnerability in Kyocera Printer Web Panel where plaintext passwords are transmitted in test requests for SMB and FTP. The PoC involves navigating the address book interface and intercepting these requests to view credentials.

Description

An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.

Exploits (1)

nomisec WRITEUP

by barisbaydur · poc

https://github.com/barisbaydur/CVE-2023-49367

View Code ZIP pw:eip

The repository describes a sensitive data exposure vulnerability in Kyocera Printer Web Panel where plaintext passwords are transmitted in test requests for SMB and FTP. The PoC involves navigating the address book interface and intercepting these requests to view credentials.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Kyocera Command Center RX - EXOSYS M5521cdn

Auth required

Prerequisites: Access to the Kyocera printer web interface · Valid credentials to navigate the address book

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

http://kyocera.com

Various Sources

https://github.com/barisbaydur/CVE-2023-49367

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 21.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-200

Status published

Published Sep 18, 2025

Tracked Since Feb 18, 2026