Lucene search

[email protected]CVE-2018-16188

HistoryJan 09, 2019 - 11:29 p.m.

CVE-2018-16188

2019-01-0923:29:04

CWE-89

[email protected]

web.nvd.nist.gov

cve

2018

16188

sql injection

vulnerability

ricoh interactive whiteboard

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

ricohd2200_firmwareRange1.3–2.2

AND

ricohd2200Match-

Node

ricohd5500_firmwareRange1.3–2.2

AND

ricohd5500Match-

Node

ricohd5510_firmwareRange1.3–2.2

AND

ricohd5510Match-

Node

ricohd5520_firmwareRange1.3–2.2

ricohd5520_firmwareRange3.0–3.1.10137.0

AND

ricohd5520Match-

Node

ricohd6500_firmwareRange1.3–2.2

AND

ricohd6500Match-

Node

ricohd6510_firmwareRange1.3–2.2

ricohd6510_firmwareRange3.0–3.1.10137.0

AND

ricohd6510Match-

Node

ricohd7500_firmwareRange1.3–2.2

ricohd7500_firmwareRange3.0–3.1.10137.0

AND

ricohd7500Match-

Node

ricohd8400_firmwareRange1.3–2.2

ricohd8400_firmwareRange3.0–3.1.10137.0

AND

ricohd8400Match-

CPENameOperatorVersion
ricoh:d2200_firmwarericoh d2200 firmwarele2.2

CPE	Name	Operator	Version
ricoh:d2200_firmware	ricoh d2200 firmware	le	2.2

CNA Affected

[
  {
    "product": "RICOH Interactive Whiteboard",
    "vendor": "RICOH COMPANY, LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN55263945/index.html

www.ricoh.com/info/2018/1127_1.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2018-16188

prion1 cvelist1 nvd1 openvas1 jvn1