Cyber Resilience

CVE-2022-50932

High · Public PoC

Published: 13 January 2026

Modified: 30 January 2026
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0353 (87.8th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50932 is a high-severity Path Traversal (CWE-22) vulnerability in Kyocera Command Center RX. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 12.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50932 is a directory traversal vulnerability (CWE-22) in the Kyocera Command Center RX software running on the ECOSYS M2035dn printer. The flaw allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ endpoint. Exploitation involves sending crafted requests such as /js/../../../../.../etc/passwd%00.jpg, where the appended null byte terminates the path before the file-extension check and so enables access to critical files like /etc/passwd and /etc/shadow. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Unauthenticated attackers can exploit this issue remotely over the network with low attack complexity and no privileges or user interaction required. Successful exploitation results in high-impact confidentiality violations, enabling disclosure of sensitive system information such as user account details and password hashes from files like /etc/passwd and /etc/shadow.

Advisories and references include a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/50738), the Kyocera Command Center RX product page (https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html), and a Vulncheck advisory (https://www.vulncheck.com/advisories/kyocera-command-center-rx-ecosys-mdn-directory-traversal-file-disclosure-unauthenticated) detailing the unauthenticated directory traversal and file disclosure.

Vulnerability details

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1003.008 /etc/passwd and /etc/shadow (Credential Access): Adversaries may attempt to dump the contents of /etc/passwd and /etc/shadow to enable offline password cracking.
- T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Directory traversal on a public-facing printer web UI directly enables remote, unauthenticated reads of /etc/passwd and /etc/shadow (T1003.008, T1552.001) via crafted requests to a web application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2020-37015 (shared CWE-22)
- CVE-2025-25684 (shared CWE-22)
- CVE-2020-37088 (shared CWE-22)
- CVE-2026-6381 (shared CWE-22)
- CVE-2018-25178 (shared CWE-22)
- CVE-2026-22199 (shared CWE-22)
- CVE-2026-25992 (shared CWE-22)
- CVE-2020-36939 (shared CWE-22)
- CVE-2026-26217 (shared CWE-22)
- CVE-2026-27305 (shared CWE-22)

Affected Assets

- kyocera
- command center rx
- ecosys_m2035dn

Mitigating Controls (NIST 800-53 r5) [AI]

- Prevent: Directly prevents directory traversal vulnerabilities by validating and sanitizing manipulated file path inputs in HTTP requests to the /js/ endpoint.
- Prevent: Requires identification, reporting, and timely patching of the specific directory traversal flaw in Kyocera Command Center RX software.
- Prevent: Enforces approved access authorizations to restrict file system access to only intended /js/ directory contents, blocking traversal to sensitive files like /etc/passwd.
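The two controls named above (input validation on the request path, and access enforcement that confines reads to the intended /js/ directory) can be shown together in a small static-file resolver. The following is an added example, not Kyocera's code or anything from the advisory: the `resolve_static` and `demo` functions, the throwaway web-root layout and the request samples are all constructed for illustration. It rejects embedded NUL bytes and dot-segments before the path reaches the filesystem, then confirms the resolved file is still inside the served root.

```python
# Added example: a hardened static-file resolver for a "/js/" endpoint, illustrating
# the input-validation (SI-10) and access-enforcement (AC-3) controls named on the page.
# Not Kyocera's code; the web root, file layout and request samples are constructed.
from pathlib import Path
from urllib.parse import unquote
import posixpath
import tempfile


class PathRejected(Exception):
    """Raised when a request path fails validation or escapes the served root."""


def resolve_static(request_path: str, js_root: Path) -> Path:
    """Map an HTTP request path under /js/ to a file inside js_root, or raise PathRejected.

    Checks, in order:
      1. percent-decode once and reject embedded NUL bytes (the %00.jpg pattern);
      2. reject empty, '.' or '..' segments before the path touches the filesystem;
      3. resolve symlinks and confirm the final path is still inside js_root.
    """
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise PathRejected("embedded NUL byte")
    if not decoded.startswith("/js/"):
        raise PathRejected("outside /js/ prefix")
    relative = decoded[len("/js/"):]
    # Syntactic check on segments, independent of OS path semantics: this also
    # catches percent-encoded dots, because unquote() already turned %2e into '.'.
    segments = relative.split("/")
    if any(seg in ("", ".", "..") for seg in segments):
        raise PathRejected("empty, '.' or '..' path segment")
    root = js_root.resolve()
    candidate = (root / posixpath.join(*segments)).resolve()
    # Containment check: the resolved file must be a descendant of the root.
    if root not in candidate.parents:
        raise PathRejected("resolved path escapes js_root")
    if not candidate.is_file():
        raise PathRejected("not a regular file")
    return candidate


def demo() -> dict:
    """Build a throwaway web root and run constructed request samples through the resolver."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        js_root = base / "www" / "js"
        js_root.mkdir(parents=True)
        (js_root / "app.js").write_text("console.log('ok');\n")
        # A file one level above the served root stands in for anything the
        # endpoint must never hand out (constructed sample, not a real secret).
        (base / "www" / "secret.txt").write_text("not for the client\n")
        samples = [
            "/js/app.js",                         # legitimate request
            "/js/../secret.txt",                  # plain traversal one level up
            "/js/%2e%2e/secret.txt",              # percent-encoded dot segments
            "/js/../../../../etc/passwd%00.jpg",  # NUL-byte truncation pattern
            "/js/",                               # directory, not a file
        ]
        for req in samples:
            try:
                served = resolve_static(req, js_root)
                results[req] = "served " + served.name
            except PathRejected as exc:
                results[req] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:40} -> {outcome}")
```

The order of the checks matters: the NUL test runs on the decoded string before any prefix or segment logic, so a request that would be truncated by a C-style string routine further down the stack never reaches it, and the final `resolve()` plus containment test covers cases the syntactic check cannot see, such as a symlink inside the served directory pointing elsewhere.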
