CVE-2022-50932 | THREATINT

Description

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.

PUBLISHED Reserved 2026-01-11 | Published 2026-01-13 | Updated 2026-01-14 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

ECOSYS M2035dn

affected

Credits

Luis Martinez finder

References

www.exploit-db.com/exploits/50738 exploit

www.exploit-db.com/exploits/50738 (ExploitDB-50738) exploit

www.kyoceradocumentsolutions.com/...n/command-center-rx.html (Kyocera Command Center RX Official Product Page) product

www.vulncheck.com/...aversal-file-disclosure-unauthenticated (VulnCheck Advisory: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)) third-party-advisory

cve.org (CVE-2022-50932)

nvd.nist.gov (CVE-2022-50932)

Download JSON