CVE-2019-13201

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in the LPD service of certain Kyocera printers allows unauthenticated attackers to cause denial of service or potentially execute arbitrary code. This affects Kyocera printers like the ECOSYS M5526cdw with vulnerable firmware versions. Organizations using these printers are at risk.

💻 Affected Systems

Products:
  • Kyocera ECOSYS M5526cdw
Versions: 2R7_2000.001.701 and likely other similar firmware versions
Operating Systems: Printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects printers with LPD service enabled (often default). Other Kyocera models may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, lateral movement to connected networks, and persistent backdoor installation.

🟠 Likely Case: Denial of service causing printer downtime and disruption of printing services.

🟢 If Mitigated: Limited to service disruption if network segmentation and access controls prevent exploitation.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if printers are exposed to the internet.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow in LPD service makes exploitation relatively straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kyocera for latest firmware updates

Vendor Advisory: https://www.kyoceradocumentsolutions.com

Restart Required: Yes

Instructions:

1. Check Kyocera support site for firmware updates
2. Download appropriate firmware for your printer model
3. Apply firmware update following vendor instructions
4. Restart printer after update

🔧 Temporary Workarounds

Disable LPD Service (applies to: all)

Disable the vulnerable LPD printing service if it is not required.

Access printer web interface > Network Settings > TCP/IP > Disable LPD

Network Segmentation (applies to: all)

Isolate printers on a separate VLAN with restricted access.

🧯 If You Can't Patch

  • Disable LPD service and use alternative printing protocols
  • Implement strict network access controls to limit printer access to trusted hosts only

🔍 How to Verify

Check if Vulnerable:

Check the printer firmware version via the web interface or control panel. If the version matches the affected range and LPD is enabled, the device is vulnerable.

Check Version:

Access printer web interface at http://[printer-ip] and check System/Configuration page

Verify Fix Applied:

Confirm firmware has been updated to latest version and LPD service is either disabled or patched.

📡 Detection & Monitoring

Log Indicators:

  • Unusual LPD service crashes
  • Multiple connection attempts to port 515
  • Printer service restart logs

Network Indicators:

  • Unusual traffic to printer port 515 (LPD)
  • Large or malformed LPD packets

SIEM Query:

destination_port:515 AND (packet_size > threshold OR protocol_anomaly)
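As an added example (not part of this advisory), a small detector that applies the indicators above to flow-log lines: it flags sources sending oversized packets to port 515 and sources making repeated LPD connections. The log format, the 1024-byte size threshold and the 5-connection threshold are assumptions to tune for your environment; the sample records are constructed.

```python
from collections import defaultdict

LPD_PORT = 515
MAX_LPD_BYTES = 1024  # assumed threshold; LPD control commands are normally tiny
MAX_ATTEMPTS = 5      # assumed threshold: connections per source in the log window

# Constructed sample flow records ("timestamp src dst dport bytes"), not a real capture.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 10.0.0.50 515 48
2024-01-01T10:00:02 10.0.0.5 10.0.0.50 515 52
2024-01-01T10:00:05 10.0.0.9 10.0.0.50 9100 300
2024-01-01T10:00:06 10.0.0.7 10.0.0.50 515 6000
2024-01-01T10:00:07 10.0.0.8 10.0.0.50 515 40
2024-01-01T10:00:08 10.0.0.8 10.0.0.50 515 40
2024-01-01T10:00:09 10.0.0.8 10.0.0.50 515 40
2024-01-01T10:00:10 10.0.0.8 10.0.0.50 515 40
2024-01-01T10:00:11 10.0.0.8 10.0.0.50 515 40
2024-01-01T10:00:12 10.0.0.8 10.0.0.50 515 40
"""

def parse_line(line):
    """Parse one flow record; adapt this to your own flow-log format."""
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}

def find_lpd_anomalies(log_text, max_bytes=MAX_LPD_BYTES, max_attempts=MAX_ATTEMPTS):
    """Return (src, indicator, value) tuples for traffic matching the LPD
    indicators above: oversized packets and repeated connections to port 515."""
    attempts = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dport"] != LPD_PORT:
            continue  # only LPD traffic is in scope
        attempts[rec["src"]] += 1
        if rec["bytes"] > max_bytes:
            findings.append((rec["src"], "oversized_lpd_packet", rec["bytes"]))
    for src, n in attempts.items():
        if n > max_attempts:
            findings.append((src, "repeated_lpd_connections", n))
    return sorted(findings)

if __name__ == "__main__":
    for src, indicator, value in find_lpd_anomalies(SAMPLE_LOG):
        print(f"{src}: {indicator} ({value})")
```

Feed it a window of flow records per printer; a hit on either indicator is a prompt to check the printer's LPD service status and firmware version, not proof of exploitation.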
