CVE-2023-34259
published 2023-11-03


Priority: P3 · 51
CVSS 3.1: 4.9 medium (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 57.68% (99.0th percentile)
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.

Affected (1 range)

Vendor  | Product                    | Version range        | Fixed in
kyocera | d-copia253mf_plus_firmware | <= 2vg_s000.002.561  |

Detection & IOCs (extracted from sources)

url: /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal
path: /wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm
other: shodan:http.favicon.hash:-50306417
other: fofa:icon_hash=-50306417
  • HTTP response body should match the regex 'root:.*:0:0' (i.e., /etc/passwd content) to confirm successful exploitation.
  • HTTP response Server header must contain 'KM-MFP' to identify a vulnerable Kyocera MFP device.
  • Exploit request returns HTTP 200 status on successful path traversal.
  • The traversal payload uses URL double-encoding (%2f for '/', %2e%2e for '..') combined with a null-byte (%00) to bypass path restrictions and reach /etc/passwd.
  • Use Shodan query 'http.favicon.hash:-50306417' or FOFA query 'icon_hash=-50306417' to identify internet-exposed Kyocera MFP devices potentially affected by this CVE.
  • This vulnerability exists because of an incomplete fix for a prior CVE; devices patched for CVE-2020-23575 may still be vulnerable if not updated beyond firmware 2VG_S000.002.561.
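Detection logic for the request shape the IOC list above describes, written as an added example for this record (it is not code from the page's sources); the access-log lines are constructed, and the function names, the percent-decoding depth of three rounds and the log regex are assumptions:

```python
import re
from urllib.parse import unquote
# Constructed sample access-log lines (not taken from the page's sources); the
# second request carries the /wlmdeu traversal shape the IOC list describes.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Nov/2023:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 512
10.0.0.9 - - [03/Nov/2023:10:01:07 +0000] "GET /wlmdeu%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm HTTP/1.1" 200 1832
10.0.0.9 - - [03/Nov/2023:10:01:09 +0000] "GET /wlmdeu/help.htm HTTP/1.1" 200 2048
"""
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PASSWD_RE = re.compile(r"root:.*:0:0")  # confirmation signal from the IOC list

def normalize_path(raw, max_rounds=3):
    """Percent-decode until stable so double-encoded %252e%252e collapses like %2e%2e."""
    path = raw
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify_request(raw_path):
    """Reasons a request path matches the CVE-2023-34259 traversal shape (empty if none)."""
    path = normalize_path(raw_path)
    reasons = []
    if not path.lower().startswith("/wlmdeu"):
        return reasons
    if "/.." in path:
        reasons.append("dot-dot traversal under /wlmdeu")
    if "\x00" in path:
        reasons.append("embedded null byte")
    if "/etc/passwd" in path:
        reasons.append("reaches /etc/passwd")
    return reasons

def scan_log(text):
    """Return (path, status, reasons) for each log line whose request trips the checks."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m and (reasons := classify_request(m.group("path"))):
            hits.append((m.group("path"), int(m.group("status")), reasons))
    return hits

def confirms_disclosure(server_header, body):
    """True when a response shows both confirmation signals: KM-MFP server and passwd content."""
    return "KM-MFP" in (server_header or "") and PASSWD_RE.search(body or "") is not None
```

Run the classifier over the decoded path rather than the raw one, since a single-pass decoder would miss a double-encoded variant of the same traversal.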