CVE-2022-41807

Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Published: 2022-12-05 Last update: 2025-04-24 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-41807 is rated Low Risk (39.8/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.49%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-41807

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.02% 0.49% +0.47%
2 2025-03-17 0.08% 0.02% -0.07%
3 2023-03-07 0.08%

Full EPSS history (5 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-41807

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.5 3.1 MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
 2.8 3.6 [email protected]
6.5 3.1 MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
 2.8 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2022-41807

Affected software / configurations for CVE-2022-41807

Vendor Product Version Raw CPE
kyocera taskalfa_7550ci_firmware cpe:2.3:o:kyocera:taskalfa_7550ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_6550ci_firmware cpe:2.3:o:kyocera:taskalfa_6550ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_5550ci_firmware cpe:2.3:o:kyocera:taskalfa_5550ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_4550ci_firmware cpe:2.3:o:kyocera:taskalfa_4550ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_3550ci_firmware cpe:2.3:o:kyocera:taskalfa_3550ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_3050ci_firmware cpe:2.3:o:kyocera:taskalfa_3050ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_255c_firmware cpe:2.3:o:kyocera:taskalfa_255c_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_205c_firmware cpe:2.3:o:kyocera:taskalfa_205c_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_256ci_firmware cpe:2.3:o:kyocera:taskalfa_256ci_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_206ci_firmware cpe:2.3:o:kyocera:taskalfa_206ci_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_m6526cdn_firmware cpe:2.3:o:kyocera:ecosys_m6526cdn_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_m6526cidn_firmware cpe:2.3:o:kyocera:ecosys_m6526cidn_firmware:-:*:*:*:*:*:*:*
kyocera fs-c2126mfp_firmware cpe:2.3:o:kyocera:fs-c2126mfp_firmware:-:*:*:*:*:*:*:*
kyocera fs-c2126mfp\+_firmware cpe:2.3:o:kyocera:fs-c2126mfp\+_firmware:-:*:*:*:*:*:*:*
kyocera fs-c2026mfp_firmware cpe:2.3:o:kyocera:fs-c2026mfp_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_8000i_firmware cpe:2.3:o:kyocera:taskalfa_8000i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_6500i_firmware cpe:2.3:o:kyocera:taskalfa_6500i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_5500i_firmware cpe:2.3:o:kyocera:taskalfa_5500i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_4500i_firmware cpe:2.3:o:kyocera:taskalfa_4500i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_3500i_firmware cpe:2.3:o:kyocera:taskalfa_3500i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_305_firmware cpe:2.3:o:kyocera:taskalfa_305_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_255_firmware cpe:2.3:o:kyocera:taskalfa_255_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_306i_firmware cpe:2.3:o:kyocera:taskalfa_306i_firmware:-:*:*:*:*:*:*:*
kyocera taskalfa_256i_firmware cpe:2.3:o:kyocera:taskalfa_256i_firmware:-:*:*:*:*:*:*:*
kyocera ls-3140mfp_firmware cpe:2.3:o:kyocera:ls-3140mfp_firmware:-:*:*:*:*:*:*:*
kyocera ls-3140mfp\+_firmware cpe:2.3:o:kyocera:ls-3140mfp\+_firmware:-:*:*:*:*:*:*:*
kyocera ls-3640mfp_firmware cpe:2.3:o:kyocera:ls-3640mfp_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_m2535dn_firmware cpe:2.3:o:kyocera:ecosys_m2535dn_firmware:-:*:*:*:*:*:*:*
kyocera ls-1135mfp_firmware cpe:2.3:o:kyocera:ls-1135mfp_firmware:-:*:*:*:*:*:*:*
kyocera ls-1035mfp_firmware cpe:2.3:o:kyocera:ls-1035mfp_firmware:-:*:*:*:*:*:*:*
kyocera ls-c8650dn_firmware cpe:2.3:o:kyocera:ls-c8650dn_firmware:-:*:*:*:*:*:*:*
kyocera ls-c8600dn_firmware cpe:2.3:o:kyocera:ls-c8600dn_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_p6026cdn_firmware cpe:2.3:o:kyocera:ecosys_p6026cdn_firmware:-:*:*:*:*:*:*:*
kyocera fs-c5250dn_firmware cpe:2.3:o:kyocera:fs-c5250dn_firmware:-:*:*:*:*:*:*:*
kyocera ls-4300dn_firmware cpe:2.3:o:kyocera:ls-4300dn_firmware:-:*:*:*:*:*:*:*
kyocera ls-4200dn_firmware cpe:2.3:o:kyocera:ls-4200dn_firmware:-:*:*:*:*:*:*:*
kyocera ls-2100dn_firmware cpe:2.3:o:kyocera:ls-2100dn_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_p4040dn_firmware cpe:2.3:o:kyocera:ecosys_p4040dn_firmware:-:*:*:*:*:*:*:*
kyocera ecosys_p2135dn_firmware cpe:2.3:o:kyocera:ecosys_p2135dn_firmware:-:*:*:*:*:*:*:*
kyocera fs-1370dn_firmware cpe:2.3:o:kyocera:fs-1370dn_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-41807

cvelogic Threat Intelligence