MidnightBSD

Advisories for ricoh

CVE-2015-6750 HIGH

Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ricoh dl-1_sr10 *
CVE-2018-15884 MEDIUM

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-352,

Products Affected

Vendor Product Version
ricoh mp_c4504ex_firmware -
CVE-2018-16184 HIGH

RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
ricoh d5500_firmware *
ricoh d7500_firmware *
ricoh d8400_firmware *
ricoh d2200_firmware *
ricoh d6500_firmware *
ricoh d5510_firmware *
ricoh d5520_firmware *
ricoh d6510_firmware *
CVE-2018-16185 MEDIUM

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ricoh d5500_firmware *
ricoh d7500_firmware *
ricoh d8400_firmware *
ricoh d2200_firmware *
ricoh d6500_firmware *
ricoh d5510_firmware *
ricoh d5520_firmware *
ricoh d6510_firmware *
CVE-2018-16186 HIGH

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
ricoh d5500_firmware *
ricoh d7500_firmware *
ricoh d8400_firmware *
ricoh d2200_firmware *
ricoh d6500_firmware *
ricoh d5510_firmware *
ricoh d5520_firmware *
ricoh d6510_firmware *
CVE-2018-16187 MEDIUM

The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
ricoh d5500_firmware *
ricoh d7500_firmware *
ricoh d8400_firmware *
ricoh d2200_firmware *
ricoh d6500_firmware *
ricoh d5510_firmware *
ricoh d5520_firmware *
ricoh d6510_firmware *
CVE-2018-16188 HIGH

SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ricoh d5500_firmware *
ricoh d7500_firmware *
ricoh d8400_firmware *
ricoh d2200_firmware *
ricoh d6500_firmware *
ricoh d5510_firmware *
ricoh d5520_firmware *
ricoh d6510_firmware *
CVE-2018-17001 MEDIUM

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh sp_4510sf_firmware -
CVE-2018-17002 MEDIUM

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_2001sp_firmware -
CVE-2018-17309 MEDIUM

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c406zspf_firmware -
CVE-2018-17310 MEDIUM

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c1803_jpn_firmware -
CVE-2018-17311 MEDIUM

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c6503_firmware -
CVE-2018-17312 MEDIUM

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh aficio_mp_301spf_firmware -
CVE-2018-17313 MEDIUM

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c307_firmware -
CVE-2018-17314 MEDIUM

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_305+_firmware -
CVE-2018-17315 MEDIUM

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c2003sp_firmware -
CVE-2018-17316 MEDIUM

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_c6003_firmware -
CVE-2018-18006 HIGH

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
ricoh myprint 2.2.7
ricoh myprint 2.9.2.4
CVE-2019-11844 MEDIUM

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh sp_4520dn_firmware -
CVE-2019-11845 MEDIUM

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh sp_4510dn_firmware -
CVE-2019-14299 MEDIUM

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c250dn_firmware 1.05
ricoh sp_c252dn_firmware *
CVE-2019-14300 HIGH

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_c250dn_firmware *
CVE-2019-14301 MEDIUM

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ricoh m_c250fw_firmware *
ricoh sp_277snwx_firmware *
ricoh p_c301w_firmware *
ricoh sp_212sfw_firmware *
ricoh sp_277sfnwx_firmware *
ricoh sp_213w_firmware *
ricoh sp_220sfnw_firmware *
ricoh mp_2014_firmware *
ricoh mp_2014ad_firmware *
ricoh sp_212suw_firmware *
ricoh sp_213nw_firmware *
ricoh sp_c260sfnw_firmware *
ricoh sp_213nw_(taiwan)_firmware *
ricoh sp_213suw_firmware *
ricoh sp_c250dn_firmware *
ricoh sp_330sn_firmware *
ricoh sp_3710dn_firmware *
ricoh sp_212nw_firmware *
ricoh sp_3710sf_firmware *
ricoh sp_c260dnw_firmware *
ricoh m_2701_firmware *
ricoh mp_2014d_firmware *
ricoh sp_c261dnw_firmware *
ricoh sp_213sfnw_firmware *
ricoh sp_213snw_firmware *
ricoh m_c250fwb_firmware *
ricoh sp_213sfnw_(taiwan)_firmware *
ricoh sp_c262sfnw_firmware *
ricoh sp_212sfnw_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c261sfnw_firmware *
ricoh sp_212snw_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_213snw_(taiwan)_firmware *
ricoh sp_c252sf_firmware *
ricoh sp_330sfn_firmware *
ricoh p_c300w_firmware *
ricoh sp_212sfnw_(china)_firmware *
ricoh sp_330dn_firmware *
ricoh sp_c262dnw_firmware *
ricoh sp_221snw_firmware *
ricoh sp_213sfw_firmware *
ricoh sp277nwx_firmware *
ricoh sp_220nw_firmware *
ricoh sp_221sfnw_firmware *
ricoh sp_220snw_firmware *
ricoh sp_221sf_firmware *
ricoh sp_221_firmware *
ricoh sp_221s_firmware *
ricoh m_2700_firmware *
ricoh sp_221nw_firmware *
ricoh sp_212w_firmware *
CVE-2019-14302 HIGH

On Ricoh SP C250DN 1.06 devices, a debug port can be used.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ricoh sp_277snwx_firmware *
ricoh sp_212sfw_firmware *
ricoh sp_277sfnwx_firmware *
ricoh sp_213w_firmware *
ricoh sp_220sfnw_firmware *
ricoh mp_2014_firmware *
ricoh mp_2014ad_firmware *
ricoh sp_210sf_(china)_firmware *
ricoh sp_212suw_firmware *
ricoh sp_213nw_firmware *
ricoh sp_c260sfnw_firmware *
ricoh sp_213nw_(taiwan)_firmware *
ricoh sp_213suw_firmware *
ricoh sp_c250dn_firmware *
ricoh sp_210su_q_(china)_firmware *
ricoh sp_330sn_firmware *
ricoh sp_210_(china)_firmware *
ricoh sp_3710dn_firmware *
ricoh sp_212nw_firmware *
ricoh sp_211sf_firmware *
ricoh sp_3710sf_firmware *
ricoh sp_c260dnw_firmware *
ricoh m_2701_firmware *
ricoh sp_210_q_(china)_firmware *
ricoh mp_2014d_firmware *
ricoh sp_c261dnw_firmware *
ricoh sp_213sfnw_firmware *
ricoh sp_213snw_firmware *
ricoh sp_213sfnw_(taiwan)_firmware *
ricoh sp_c262sfnw_firmware *
ricoh sp_212sfnw_firmware *
ricoh sp_210su_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c261sfnw_firmware *
ricoh sp_212snw_firmware *
ricoh sp_210_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_210e_(china)_firmware *
ricoh sp_210sf_firmware *
ricoh sp_213snw_(taiwan)_firmware *
ricoh sp_c252sf_firmware *
ricoh sp_330sfn_firmware *
ricoh sp_212sfnw_(china)_firmware *
ricoh sp_330dn_firmware *
ricoh sp_c262dnw_firmware *
ricoh sp_221snw_firmware *
ricoh sp_213sfw_firmware *
ricoh sp277nwx_firmware *
ricoh sp_211su_firmware *
ricoh sp_211_firmware *
ricoh sp_220nw_firmware *
ricoh sp_210su_(china)_firmware *
ricoh sp_221sfnw_firmware *
ricoh sp_210sf_q_(china)_firmware *
ricoh sp_220snw_firmware *
ricoh sp_221sf_firmware *
ricoh sp_221_firmware *
ricoh sp_221s_firmware *
ricoh m_2700_firmware *
ricoh sp_221nw_firmware *
ricoh sp_212w_firmware *
CVE-2019-14303 MEDIUM

Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c250dn_firmware 1.05
ricoh sp_c252dn_firmware *
CVE-2019-14304 MEDIUM

Ricoh SP C250DN 1.06 devices allow CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
ricoh m_c250fw_firmware *
ricoh sp_277snwx_firmware *
ricoh p_c301w_firmware *
ricoh sp_212sfw_firmware *
ricoh sp_277sfnwx_firmware *
ricoh sp_213w_firmware *
ricoh sp_220sfnw_firmware *
ricoh mp_2014_firmware *
ricoh mp_2014ad_firmware *
ricoh sp_212suw_firmware *
ricoh sp_213nw_firmware *
ricoh sp_c260sfnw_firmware *
ricoh sp_213nw_(taiwan)_firmware *
ricoh sp_213suw_firmware *
ricoh sp_c250dn_firmware *
ricoh sp_330sn_firmware *
ricoh sp_3710dn_firmware *
ricoh sp_212nw_firmware *
ricoh sp_3710sf_firmware *
ricoh sp_c260dnw_firmware *
ricoh m_2701_firmware *
ricoh mp_2014d_firmware *
ricoh sp_c261dnw_firmware *
ricoh sp_213sfnw_firmware *
ricoh sp_213snw_firmware *
ricoh m_c250fwb_firmware *
ricoh sp_213sfnw_(taiwan)_firmware *
ricoh sp_c262sfnw_firmware *
ricoh sp_212sfnw_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c261sfnw_firmware *
ricoh sp_212snw_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_213snw_(taiwan)_firmware *
ricoh sp_c252sf_firmware *
ricoh sp_330sfn_firmware *
ricoh p_c300w_firmware *
ricoh sp_212sfnw_(china)_firmware *
ricoh sp_330dn_firmware *
ricoh sp_c262dnw_firmware *
ricoh sp_221snw_firmware *
ricoh sp_213sfw_firmware *
ricoh sp277nwx_firmware *
ricoh sp_220nw_firmware *
ricoh sp_221sfnw_firmware *
ricoh sp_220snw_firmware *
ricoh sp_221sf_firmware *
ricoh sp_221_firmware *
ricoh sp_221s_firmware *
ricoh m_2700_firmware *
ricoh sp_221nw_firmware *
ricoh sp_212w_firmware *
CVE-2019-14305 HIGH

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_c250dn_firmware *
CVE-2019-14306 MEDIUM

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ricoh sp_277snwx_firmware *
ricoh sp_212sfw_firmware *
ricoh sp_277sfnwx_firmware *
ricoh sp_213w_firmware *
ricoh sp_220sfnw_firmware *
ricoh mp_2014_firmware *
ricoh mp_2014ad_firmware *
ricoh sp_212suw_firmware *
ricoh sp_213nw_firmware *
ricoh sp_c260sfnw_firmware *
ricoh sp_213nw_(taiwan)_firmware *
ricoh sp_213suw_firmware *
ricoh sp_c250dn_firmware *
ricoh sp_330sn_firmware *
ricoh sp_3710dn_firmware *
ricoh sp_212nw_firmware *
ricoh sp_3710sf_firmware *
ricoh sp_c260dnw_firmware *
ricoh m_2701_firmware *
ricoh mp_2014d_firmware *
ricoh sp_c261dnw_firmware *
ricoh sp_213sfnw_firmware *
ricoh sp_213snw_firmware *
ricoh sp_213sfnw_(taiwan)_firmware *
ricoh sp_c262sfnw_firmware *
ricoh sp_212sfnw_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c261sfnw_firmware *
ricoh sp_212snw_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_213snw_(taiwan)_firmware *
ricoh sp_c252sf_firmware *
ricoh sp_330sfn_firmware *
ricoh sp_212sfnw_(china)_firmware *
ricoh sp_330dn_firmware *
ricoh sp_c262dnw_firmware *
ricoh sp_221snw_firmware *
ricoh sp_213sfw_firmware *
ricoh sp277nwx_firmware *
ricoh sp_220nw_firmware *
ricoh sp_221sfnw_firmware *
ricoh sp_220snw_firmware *
ricoh sp_221sf_firmware *
ricoh sp_221_firmware *
ricoh sp_221s_firmware *
ricoh m_2700_firmware *
ricoh sp_221nw_firmware *
ricoh sp_212w_firmware *
CVE-2019-14307 HIGH

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_c250dn_firmware *
CVE-2019-14308 HIGH

Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c252dn_firmware *
ricoh sp_c250dn_firmware *
CVE-2019-14309 MEDIUM

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c250dn_firmware 1.05
ricoh sp_c252dn_firmware *
CVE-2019-14310 HIGH

Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ricoh sp_c252sf_firmware *
ricoh sp_c250sf_firmware *
ricoh sp_c250dn_firmware 1.05
ricoh sp_c252dn_firmware *
CVE-2019-18203 MEDIUM

On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ricoh mp_501_firmware -
CVE-2019-19363 MEDIUM

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
ricoh ps_driver_for_universal_print *
ricoh rpcs_driver -
ricoh rpcs_raster_driver -
ricoh pcl6_driver_for_universal_print *
ricoh generic_pcl5_driver -
ricoh postscript3_driver -
ricoh pcl6_(pcl_xl)_driver -
ricoh pc_fax_generic_driver -
CVE-2019-20001 MEDIUM

An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ricoh streamline_nx_pc_client *
ricoh streamline_nx_client_tool 1.4.8
CVE-2019-6021 MEDIUM

Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
ricoh limedio *
CVE-2019-7751 MEDIUM

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
ricoh fusionpro_vdp *
CVE-2021-33945 HIGH

RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
ricoh sp_c260sfnw_firmware -
ricoh sp_212snw_firmware -
ricoh sp_312sfnw_firmware -
ricoh sp_221sfnw_firmware -
ricoh sp_3710sf_firmware -
ricoh sp_330sn_firmware 1.06
ricoh sp_221nw_firmware -
ricoh p_310_firmware -
ricoh sp_c250sf_firmware -
ricoh p_c301w_firmware -
ricoh sp_325dnw_firmware 1.06
ricoh p_311_firmware -
ricoh sp_330sn_firmware -
ricoh sp_310sfnw_firmware -
ricoh sp_325dnw_firmware -
ricoh sp_220snw_firmware 1.06
ricoh sp_320sn_firmware 1.06
ricoh sp_221s_firmware 1.06
ricoh sp_221sfnw_firmware 1.06
ricoh sp_3710dn_firmware -
ricoh sp_212sfnw_firmware -
ricoh sp_330dn_firmware -
ricoh sp_c262dnw_firmware -
ricoh sp_213sfw_firmware -
ricoh sp_320dn_firmware 1.06
ricoh sp_c261sfnw_firmware -
ricoh sp_221sf_firmware 1.06
ricoh sp_330sfn_firmware -
ricoh p_c300w_firmware -
ricoh m_2700_firmware -
ricoh sp_325snw_firmware -
ricoh sp_c262sfnw_firmware -
ricoh aficio_sp_3500sf_firmware 1.06
ricoh sp_c250dn_firmware -
ricoh sp_213suw_firmware -
ricoh sp_220sfnw_firmware 1.06
ricoh sp_311sfnw_firmware -
ricoh sp_c261dnw_firmware -
ricoh m_c2000_firmware -
ricoh m_c250fw_firmware -
ricoh sp_c252dn_firmware -
ricoh sp_325sfnw_firmware -
ricoh m_320fb_firmware -
ricoh sp_c252sf_firmware -
ricoh sp_377dnwx_firmware -
ricoh sp_212nw_firmware -
ricoh m_320f_firmware -
ricoh sp_220nw_firmware -
ricoh m_2701_firmware -
ricoh sp_212sfw_firmware -
ricoh sp_277sfnwx_firmware -
ricoh sp_213snw_firmware -
ricoh sp_221snw_firmware -
ricoh sp_312dnw_firmware -
ricoh sp_377sfnwx_firmware -
ricoh sp_212suw_firmware -
ricoh sp_220snw_firmware -
ricoh sp_377snwx_firmware -
ricoh sp_311dnw_firmware -
ricoh m_320_firmware -
ricoh sp_320sfn_firmware 1.06
ricoh sp_220sfnw_firmware -
ricoh sp_310dnw_firmware -
ricoh sp_213w_firmware -
ricoh m_c250fwb_firmware -
ricoh sp_325snw_firmware 1.06
ricoh sp_277nwx_firmware -
ricoh sp_221snw_firmware 1.06
ricoh sp_c260dnw_firmware -
ricoh sp_212w_firmware -
ricoh sp_213sfnw_firmware -
ricoh sp_325sfnw_firmware 1.06
ricoh sp_277snwx_firmware -
ricoh sp_213nw_firmware -
CVE-2022-36403

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
ricoh device_software_manager *
CVE-2022-37406

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

Products Affected

Vendor Product Version
ricoh aficio_sp_4210n_firmware *
CVE-2022-43969

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
ricoh mp_c407_firmware *
ricoh mp_c4503_smart_operation_panel_firmware *
ricoh mp_c6003_smart_operation_panel_firmware *
ricoh im_c3500_firmware *
ricoh mp_c5504ex_firmware *
ricoh mp_2555_firmware *
ricoh im_c8000_firmware *
ricoh mp_3055_firmware *
ricoh im_5000_firmware *
ricoh mp_c5503_firmware *
ricoh mp_c4504ex_firmware *
ricoh im_c530f_firmware *
ricoh mp_c5504_firmware *
ricoh mp_c306_firmware *
ricoh im_6000_firmware *
ricoh im_c3000_firmware *
ricoh im_430fb_firmware *
ricoh mp_c307_firmware *
ricoh mp_c2003_firmware *
ricoh mp_c2003_smart_operation_panel_firmware *
ricoh im_c5500_firmware *
ricoh mp_c3003_smart_operation_panel_firmware *
ricoh mp_c3504_firmware *
ricoh mp_c6003_firmware *
ricoh im_cw2200_firmware *
ricoh mp_c406_firmware *
ricoh mp_4055_firmware *
ricoh m_c2001_firmware *
ricoh mp_c3503_firmware *
ricoh im_c400srf_firmware *
ricoh mp_c3503_smart_operation_panel_firmware *
ricoh mp_c3004_firmware *
ricoh im_c6000_firmware *
ricoh im_3000_firmware *
ricoh im_c300f_firmware *
ricoh mp_6055_firmware *
ricoh im_600f_firmware *
ricoh mp_c2503_smart_operation_panel_firmware *
ricoh mp_c4503_firmware *
ricoh mp_c5503_smart_operation_panel_firmware *
ricoh mp_c3003_firmware *
ricoh mp_c2504ex_firmware *
ricoh im_3500_firmware *
ricoh mp_c4504_firmware *
ricoh im_c400f_firmware *
ricoh im_c4500_firmware *
ricoh mp_c3504ex_firmware *
ricoh im_c2000_firmware *
ricoh im_430f_firmware *
ricoh im_9000_firmware *
ricoh mp_c6004ex_firmware *
ricoh pro_c5300s_firmware *
ricoh pro_c5310s_firmware *
ricoh im_c2500_firmware *
ricoh mp_305+_firmware *
ricoh im_4000_firmware *
ricoh im_2702_firmware *
ricoh im_2500_firmware *
ricoh im_c530fb_firmware *
ricoh mp_5055_firmware *
ricoh mp_402spf_firmware *
ricoh im_350_firmware *
ricoh im_600srf_firmware *
ricoh im_550f_firmware *
ricoh im_8000_firmware *
ricoh im_350f_firmware *
ricoh mp_c2504_firmware *
ricoh mp_c2004_firmware *
ricoh mp_c6004_firmware *
ricoh im_c6500_firmware *
ricoh mp_c3004ex_firmware *
ricoh im_cw2201_firmware *
ricoh im_c300_firmware *
ricoh mp_c2503_firmware *
ricoh mp_3555_firmware *
ricoh mp_c2004ex_firmware *
ricoh im_7000_firmware *
CVE-2023-30759

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

Products Affected

Vendor Product Version
ricoh printer_driver_packager_nx *