CVE-2019-6452
Timeline
- January 15, 2019 reported to Kyocera
- January 15, 2019 replied solution
- January 16, 2019 CVE assigned
Affected Products
- Kyocera Command Center RX TASKalfa4501i
- Kyocera Command Center RX TASKalfa5052ci
Technical Details
those printers allow remote attackers to abuse the Test button in the machine address book to obtain a cleartext FTP or SMB password.
change host address to your rouge server and hit the test button
you should received cleartext by now, in this case the client use blank password

