Lucene search

[email protected]CVE-2018-16186

HistoryJan 09, 2019 - 11:29 p.m.

CVE-2018-16186

2019-01-0923:29:04

CWE-798

[email protected]

web.nvd.nist.gov

ricoh

interactive

whiteboard

d2200

d5500

d5510

d5520

d6500

d6510

d7500

d8400

hard-coded credentials

security vulnerability

nvd

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.

Affected configurations

NVD

Node

ricohd2200_firmwareRange1.1–2.2

AND

ricohd2200Match-

Node

ricohd5500_firmwareRange1.1–2.2

AND

ricohd5500Match-

Node

ricohd5510_firmwareRange1.1–2.2

AND

ricohd5510Match-

Node

ricohd5520_firmwareRange1.1–2.2

ricohd5520_firmwareRange3.0–3.1.10137.0

AND

ricohd5520Match-

Node

ricohd6500_firmwareRange1.1–2.2

AND

ricohd6500Match-

Node

ricohd6510_firmwareRange1.1–2.2

ricohd6510_firmwareRange3.0–3.1.10137.0

AND

ricohd6510Match-

Node

ricohd7500_firmwareRange1.1–2.2

ricohd7500_firmwareRange3.0–3.1.10137.0

AND

ricohd7500Match-

Node

ricohd8400_firmwareRange1.1–2.2

ricohd8400_firmwareRange3.0–3.1.10137.0

AND

ricohd8400Match-

CPENameOperatorVersion
ricoh:d2200_firmwarericoh d2200 firmwarele2.2

CPE	Name	Operator	Version
ricoh:d2200_firmware	ricoh d2200 firmware	le	2.2

CNA Affected

[
  {
    "product": "RICOH Interactive Whiteboard",
    "vendor": "RICOH COMPANY, LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN55263945/index.html

www.ricoh.com/info/2018/1127_1.html

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVE-2018-16186

prion1 nvd1 cvelist1 openvas1 jvn1