CVE-2018-16656

Published: May 14, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request.

Affected (2)

Products: Kyocera: Taskalfa 4002i Firmware, Taskalfa 6002i Firmware

Kyocera

2 products

Taskalfa 4002i Firmware

Taskalfa 6002i Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 4002i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 4002i	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kyocera Taskalfa 6002i Firmware	All versions

Running on/with	Platform Versions
Kyocera Taskalfa 6002i	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://mars-cheng.github.io/blog/2019/CVE-2018-16656

Source: cve@mitre.org

ExploitThird Party Advisory

https://mars-cheng.github.io/blog/2019/CVE-2018-16656

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.