HOMEVULNERABILITIESCVE-2022-41798
MEDIUM

CVE-2022-41798

CWE-290Published: December 5, 2022· Updated: Jun 17, 2026

6.5
CVSS v3.1

Official Description

Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

NVD Source

Technical Analysis

CVE-2022-41798 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 6.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityNone
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors & Products

kyocera80 product(s)
taskalfa 7550ci firmwaretaskalfa 7550citaskalfa 6550ci firmwaretaskalfa 6550citaskalfa 5550ci firmwaretaskalfa 5550citaskalfa 4550ci firmwaretaskalfa 4550citaskalfa 3550ci firmwaretaskalfa 3550citaskalfa 3050ci firmwaretaskalfa 3050ci+68
Source: NVD CPE · 80 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (6)

Quick Facts

CVE IDCVE-2022-41798
CVSS Score6.5 / 10
SeverityMEDIUM
WeaknessCWE-290
CISA KEVNo
Affected1 vendor(s)
PublishedDec 5, 2022

Related CVEs (CWE-290)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2022-41798 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.