KYOCERA Command Center RX (CCRX) Security Vulnerability

Japan, July 21, 2023 – KYOCERA Document Solutions Inc. announced that a security vulnerability has been confirmed in KYOCERA Command Center RX (hereinafter referred to as "CCRX"), which allows users to check and change various settings of multifunction devices provided by Kyocera Document Solutions over the network.
The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.


【Vulnerability description】


1. Path Traversal 

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.
CVE ID: CVE-2023-34259

2. Denial of Service (DoS)

CCRX has a vulnerability that allows a DoS attack to make it unusable. By manipulating the value of the file path, CCRX may become unresponsive.
CVE ID: CVE-2023-34260

3. User Enumeration

By attempting to log in many times at the CCRX login, an attacker can determine whether a login user name exists in the device's database.
CVE ID: CVE-2023-34261

【Countermeasures】 

As a countermeasure, we provide firmware that fixes these vulnerabilities. Please contact your local distributor to apply the firmware. As for “3. User Enumeration”, Kyocera Document Solutions considers the security risk to be low.

【Affected Products】

Color MFPs:
TASKalfa 8353ci, TASKalfa 8352ci, TASKalfa 7054ci, TASKalfa 6054ci, TASKalfa 5054ci, TASKalfa 4054ci, TASKalfa 3554ci, TASKalfa 2554ci, TASKalfa 6053ci, TASKalfa 5053ci, TASKalfa 4053ci, TASKalfa 3253ci, TASKalfa 2553ci, TASKalfa 6052ci, TASKalfa 5052ci, TASKalfa 4052ci, TASKalfa 3552d, TASKalfa 3252ci, TASKalfa 2552ci, ECOSYS M8130cidn, ECOSYS M8124cidn, TASKalfa 408ci, TASKalfa 358ci, TASKalfa 308ci, TASKalfa 406ci, TASKalfa 356ci, TASKalfa 306ci, TASKalfa 8353ci, TASKalfa 7353ci, ECOSYS M6635cidn, ECOSYS M6630cidn, ECOSYS M5525cdn, ECOSYS M5520cdw, ECOSYS M5520cdn, ECOSYS P5026cdn, ECOSYS P5026cdw.

Monochrome MFPs:
TASKalfa 9003i, TASKalfa 8003i, TASKalfa 7000i, TASKalfa 9002i, TASKalfa 7002i, TASKalfa 7004ci, TASKalfa 6004ci, TASKalfa 5004ci, TASKalfa 6003i, TASKalfa 5003i, TASKalfa 6002i, TASKalfa 5002i, TASKalfa MZ4000i, TASKalfa MZ3200i, TASKalfa 4012i, TASKalfa 3212i, TASKalfa 3511i, TASKalfa 3011i, ECOSYS M4132idn, ECOSYS M4125idn, TASKalfa 2321, TASKalfa 2320, TASKalfa 2201, TASKalfa 2020, TASKalfa 2200, TASKalfa 1801, TASKalfa 1800, ECOSYS M5526cdn, ECOSYS M5526cdw, ECOSYS M2040dn, ECOSYS M2540dn/L, ECOSYS M2540dn, ECOSYS M2640idw, ECOSYS M2640idw/L, ECOSYS M2635dn, ECOSYS M3860idn, ECOSYS M3660idn, ECOSYS M3645idn, ECOSYS M3645dn, ECOSYS M3145dn.

Color printers:
ECOSYS P8060cdn, ECOSYS P6230cdn, ECOSYS P6235cdn, ECOSYS P7240cdn, ECOSYS P5025cdn, ECOSYS P5020cdw, ECOSYS P5020cdn.

Monochrome printers:
ECOSYS P4060dn, ECOSYS P3260dn, ECOSYS P3155dn, ECOSYS P3150dn, ECOSYS P3145dn, ECOSYS P3060dn, ECOSYS P3055dn, ECOSYS P3050dn, ECOSYS P3045dn, ECOSYS P4145dn, ECOSYS P4135dn, ECOSYS P4140dn, ECOSYS P4045dn, ECOSYS P4040dn, ECOSYS P4035dn, ECOSYS P2040dn, ECOSYS P2235dn, ECOSYS P2230dn.

【Acknowledgement】

Kyocera Document Solutions would like to thank Mr. Stefan Michlits of SEC Consult (www.sec-consult.com), an Austrian security consulting services company, who discovered this vulnerability.

【Products affected by this vulnerability】

For more information on how this vulnerability affects products, please contact the local distributor from which you purchased the product.