cbcvebase.
CVE-2022-1026
published 2022-04-04

CVE-2022-1026: Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords…

PriorityP181high8.6CVSS 3.1
AVNACLPRNUINSCCHINAN
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
15.10%
96.3th percentile
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

Affected

2 ranges
VendorProductVersion rangeFixed in
kyoceramultifunction_printer_net_viewer2S0_1000.005.0012S5_2000.002.505 – 2S0_1000.005.0012S5_2000.002.505
kyoceranet_viewer<= 2s0_1000.005.0012s5_2000.002.505

Detection & IOCsextracted from sources · hover to see the quote

url/ws/km-wsdl/setting/address_book
otherhttp://www.kyoceramita.com/ws/km-wsdl/setting/address_book/create_personal_address_enumeration25
  • Detect unauthenticated POST requests to the Kyocera address book SOAP endpoint at /ws/km-wsdl/setting/address_book with the SOAP action create_personal_address_enumeration25
  • Successful exploitation returns HTTP 200 with Content-Type text/xml and a body containing SOAP-ENV:Envelope and SOAP-ENV:Body — monitor for these in responses to unauthenticated requests
  • Use Shodan query 'product:"Kyocera Printer Panel"' to identify internet-exposed Kyocera printers potentially vulnerable to this CVE
  • Content-Type of the exploit request is application/soap+xml — filter for unauthenticated SOAP requests to printer management endpoints
  • ·The vulnerability affects Kyocera Net Viewer (all versions matched by wildcard CPE), meaning any unpatched Net View installation may be vulnerable; version scoping is broad
  • ·The exploit requires no authentication (PR:N, UI:N) and is network-accessible (AV:N), making it trivially exploitable from the internet against exposed printers
  • ·EPSS score of 0.86782 (99.4th percentile) indicates very high real-world exploitation probability; prioritize detection and patching accordingly

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck8.6HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.