CVE-2022-50932

7.5 HIGH

📋 TL;DR

Kyocera Command Center RX ECOSYS M2035dn has a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files like /etc/passwd and /etc/shadow by manipulating file paths. This affects organizations using the vulnerable Kyocera multifunction printer software, potentially exposing credential information and system configuration.

💻 Affected Systems

Products:
  • Kyocera Command Center RX ECOSYS M2035dn
Versions: All versions prior to patch (specific patched version not clearly documented in public sources)
Operating Systems: Embedded printer OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of the Kyocera multifunction printer. The vulnerability is in the file handling mechanism for resources under the /js/ path.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full system access by extracting password hashes from /etc/shadow and cracking them, then using those credentials to compromise the entire system or network.

🟠 Likely Case

Attackers read sensitive system files containing user information, configuration details, and potentially credential hashes, leading to information disclosure and possible credential theft.

🟢 If Mitigated

Limited information disclosure with no direct path to system compromise if proper network segmentation and access controls are in place.

🌐 Internet-Facing: HIGH - Unauthenticated exploit with public proof-of-concept makes internet-facing instances extremely vulnerable to automated scanning and exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to escalate privileges or move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires simple HTTP requests with directory traversal sequences and null-byte injection. Public exploit code available on Exploit-DB (ID 50738).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not explicitly stated in public sources - check Kyocera security advisory

Vendor Advisory: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html

Restart Required: Yes

Instructions:

1. Check the Kyocera security advisory for the latest firmware.
2. Download the firmware update from the Kyocera support portal.
3. Apply the firmware update through the printer web interface or the local interface.
4. Restart the printer to apply the changes.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to the printer's web interface to trusted management networks only. The rules below are applied on a Linux firewall or gateway in front of the printer, not on the printer itself; replace TRUSTED_NETWORK with the CIDR of the management network. Because -A appends, the ACCEPT rules must be added before the DROP rules, as shown.

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable Web Interface (all platforms)

Temporarily disable the web interface if it is not required for operations.

Access the printer settings via the local interface -> Network Settings -> Disable HTTP/HTTPS services

🧯 If You Can't Patch

  • Isolate the printer on a separate VLAN with strict firewall rules preventing external and unnecessary internal access
  • Implement network monitoring for directory traversal patterns in HTTP requests to the printer

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to http://[printer-ip]/js/../../../../etc/passwd%00.jpg and check whether the contents of /etc/passwd are returned.

Check Version:

Check firmware version via printer web interface: Settings -> Device Information -> Firmware Version

Verify Fix Applied:

Repeat the same request after patching; it should return an error or an empty response instead of file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '/js/../../' patterns
  • Requests with null-byte (%00) in URL
  • Unusual file access patterns from external IPs

Network Indicators:

  • HTTP traffic to printer on port 80/443 with directory traversal sequences
  • Multiple failed attempts followed by successful file disclosure

SIEM Query:

source="printer_logs" AND (url="*js/../*" OR url="*%00*")
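The log indicators above can be checked directly against the printer's HTTP access log. The following is an added example, not code from the advisory or from Kyocera: a small Python scanner that parses common-log-format lines, percent-decodes the request path (up to twice, so that encoded and double-encoded traversal sequences are caught as well as the literal '/js/../' form the SIEM query looks for), and raises an alert for the traversal and null-byte indicators. A traversal request answered with a 200 status is flagged as high severity, since that is the "successful file disclosure" case. The log format, field names and sample lines are assumptions constructed for the example; adapt the regular expression to the log format your device or proxy actually emits.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in common log format. These are made up
# for this example; they are not taken from a real device or from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /js/menu.js HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /js/../../../../etc/passwd%00.jpg HTTP/1.1" 200 1104
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /js/..%2f..%2f..%2fetc/shadow%00.jpg HTTP/1.1" 403 0
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.htm HTTP/1.1" 200 2048
"""

# Common log format: client, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Traversal that starts under the /js/ resource path, as described in the advisory.
JS_TRAVERSAL_RE = re.compile(r'/js/(?:\.\./)+', re.IGNORECASE)


def normalize_url(url: str) -> str:
    """Percent-decode up to twice so that encoded (%2e%2e%2f) and
    double-encoded (%252e) traversal sequences are compared in plain form."""
    decoded = url
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded


def indicators_for(url: str, status: str) -> list:
    """Return the advisory's log indicators that a single request URL matches."""
    decoded = normalize_url(url)
    hits = []
    if JS_TRAVERSAL_RE.search(decoded):
        hits.append("js_traversal")   # the '/js/../../' pattern
    elif "../" in decoded:
        hits.append("traversal")      # traversal elsewhere on the device, still worth a look
    if "\x00" in decoded:
        hits.append("null_byte")      # %00 in the URL
    if hits and status == "200":
        hits.append("served_200")     # traversal request answered with 200: possible disclosure
    return hits


def scan_log(text: str) -> list:
    """Parse each log line and return one alert dict per suspicious request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                  # skip lines that are not in the expected format
        hits = indicators_for(m["url"], m["status"])
        if hits:
            alerts.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "url": m["url"],
                "status": int(m["status"]),
                "indicators": hits,
                "severity": "high" if "served_200" in hits else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["severity"].upper(), alert["ip"], alert["url"],
              ",".join(alert["indicators"]))
```

Decoding before matching is what makes this more robust than a literal substring query: the second sample request uses %2f instead of '/', so a raw `*js/../*` match would miss it, while the decoded form still trips the `/js/../` check. Alerts from the same source address in quick succession, as in the sample, correspond to the "multiple attempts" network indicator and are worth correlating per client.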
