TITLE:
Kyocera FS-3830N Configuration Modification Security Issue

SECUNIA ADVISORY ID:
SA18896

VERIFY ADVISORY:
http://secunia.com/advisories/18896/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Exposure of system information

WHERE:
>From local network

OPERATING SYSTEM:
Kyocera FS-3830N
http://secunia.com/product/8101/

DESCRIPTION:
evader has reported a security issue in Kyocera FS-3830N Printer,
which can be exploited by malicious people to gain knowledge of or
potentially to modify certain system information.

The security issue is caused due to the printer allowing access to
certain configuration settings without requiring prior authentication
via a request sent to port 9100/tcp. This may be exploited to disclose
and modify the configured settings.

Note: It has also been reported that other network-enabled Kyocera
printers have a default username "admin" and blank password for the
telnet configuration port.

SOLUTION:
Restrict access to the printer.

PROVIDED AND/OR DISCOVERED BY:
evader

ORIGINAL ADVISORY:
http://evader.wordpress.com/2006/02/16/kyocera-printers/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------