Kyocera Command Center RX EXOSYS M5521cdn Sensitive Information Exposure Vulnerability

A vulnerability in the user interface of Kyocera Command Center RX EXOSYS M5521cdn allows remote access to sensitive information. By inspecting the data packets sent by the user, plaintext passwords can be intercepted. This issue arises after connecting to the Kyocera interface address book and testing requests for SMB and FTP, which reveal unencrypted password data.

Impact

Exploitation of this vulnerability leads to unauthorized access to plaintext passwords, which can be intercepted and potentially misused.

Reproduction

To reproduce this vulnerability, access the Kyocera Command Center RX EXOSYS M5521cdn web interface. Navigate to the 'Address Book' page and select any saved user. Press the test button for content with the entered data. Monitor the incoming and outgoing requests to find plaintext password information.