CVE-2022-50932
Published: 13 January 2026
Summary
CVE-2022-50932 is a high-severity Path Traversal (CWE-22) vulnerability in Kyocera Command Center Rx. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 36.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
NVD Description
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
Deeper analysis (AI)
CVE-2022-50932 is a directory traversal vulnerability (CWE-22) in the Kyocera Command Center RX software running on the ECOSYS M2035dn printer. The flaw allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ endpoint. Exploitation involves sending crafted requests such as /js/../../../../.../etc/passwd%00.jpg, where a null-byte termination enables access to critical files like /etc/passwd and /etc/shadow. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Unauthenticated attackers can exploit this issue remotely over the network with low attack complexity and no privileges or user interaction required. Successful exploitation results in high-impact confidentiality violations, enabling disclosure of sensitive system information such as user account details and password hashes from files like /etc/passwd and /etc/shadow.
Advisories and references include a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/50738), the Kyocera Command Center RX product page (https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html), and a Vulncheck advisory (https://www.vulncheck.com/advisories/kyocera-command-center-rx-ecosys-mdn-directory-traversal-file-disclosure-unauthenticated) detailing the unauthenticated directory traversal and file disclosure.
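One way to look for this request pattern in web or proxy access logs that front the device, as an added example (not code from NVD, Kyocera or the referenced advisories). It assumes a combined-style log format; the sample lines, addresses and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

# Request target inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(rb'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
PREFIX = b"/js/"

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e, %2500) is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def classify(raw_target):
    """Return the reasons a request target under /js/ matches the traversal shape."""
    path = decode_fully(raw_target.split(b"?", 1)[0]).replace(b"\\", b"/")
    if not path.startswith(PREFIX):
        return []
    reasons = []
    if b"\x00" in path:
        reasons.append("nul-byte")
        path = path.split(b"\x00", 1)[0]  # what a NUL-terminated consumer would see
    normalized = posixpath.normpath(path.decode("latin-1"))
    if not (normalized + "/").startswith("/js/"):
        reasons.append("escapes-/js/")
    return reasons

def scan(lines):
    """Return (request target, reasons) for every suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (reasons := classify(m.group(1))):
            hits.append((m.group(1), reasons))
    return hits

# Constructed sample log lines (documentation address range), not captured traffic.
SAMPLE_LOG = [
    b'192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /js/jquery.js HTTP/1.1" 200 512',
    b'192.0.2.77 - - [01/Jan/2026:10:00:05 +0000] "GET /js/../../../../etc/passwd%00.jpg HTTP/1.1" 200 1024',
    b'192.0.2.77 - - [01/Jan/2026:10:00:06 +0000] "GET /js/%2e%2e/%2e%2e/etc/shadow%2500.jpg HTTP/1.1" 200 900',
    b'192.0.2.10 - - [01/Jan/2026:10:00:09 +0000] "GET /js/lib/../app.js HTTP/1.1" 200 300',
]
```

A 200 response to a flagged request is the signal worth escalating, since it suggests file contents were returned rather than an error page.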
Details
- CWE(s)