CSRF Vulnerability in Kyocera Printers Allows Local Account Takeover

CSRF Vulnerability in Kyocera Printers Allows Local Account Takeover

CVE-2019-13199 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

Learn more about our Web Application Penetration Testing UK.