Ricoh Security Vulnerabilities

CVE-2024-22475

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...

6.7 AI Score

0.0004 EPSS

2024-03-18 08:15 AM
38

CVE-2024-21824

Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...

6.6 AI Score

0.0004 EPSS

2024-03-18 08:15 AM
32

CVE-2022-43969

Ricoh mp_c4504ex devices with firmware 1.06 mishandle...

9.1 CVSS

9.2 AI Score

0.001 EPSS

2023-02-16 02:15 PM
56

CVE-2023-30759

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2023-06-19 05:15 AM
10

CVE-2019-19363

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2020-01-24 06:15 PM
118
In Wild
2

CVE-2019-14301

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of...

7.5 CVSS

8.2 AI Score

0.001 EPSS

2020-01-10 06:15 PM
99

CVE-2019-14304

Ricoh SP C250DN 1.06 devices allow...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2020-01-10 06:15 PM
101

CVE-2019-14302

On Ricoh SP C250DN 1.06 devices, a debug port can be...

6.8 CVSS

6.8 AI Score

0.001 EPSS

2020-01-10 06:15 PM
97

CVE-2019-14306

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2020-01-10 06:15 PM
95

CVE-2022-37406

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-12-07 04:15 AM
24

CVE-2015-6750

Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER...

8.2 AI Score

0.004 EPSS

2022-10-03 04:15 PM
21

CVE-2022-36403

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2022-09-08 08:15 AM
27
6

CVE-2021-33945

RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2022-02-15 08:15 PM
76

CVE-2019-20001

An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2020-08-04 01:15 PM
22

CVE-2019-14309

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2020-03-13 07:15 PM
39

CVE-2019-14310

Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way the embedded device parsed the IPP...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2020-03-13 07:15 PM
36

CVE-2019-14303

Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that led to a denial of service...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2020-03-13 07:15 PM
67

CVE-2019-14299

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute...

9.8 CVSS

9.2 AI Score

0.002 EPSS

2020-03-13 07:15 PM
59

CVE-2019-7751

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation...

7.5 CVSS

8.1 AI Score

0.082 EPSS

2019-12-31 05:15 PM
36

CVE-2019-6021

Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2019-12-26 04:15 PM
22

CVE-2019-18203

On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2019-10-21 06:15 PM
61

CVE-2019-14305

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the...

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-08-26 03:15 PM
28

CVE-2019-14307

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-08-26 03:15 PM
25

CVE-2019-14300

Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is...

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-08-26 03:15 PM
34

CVE-2019-14308

Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is...

9.8 CVSS

9.3 AI Score

0.005 EPSS

2019-08-26 02:15 PM
22

CVE-2019-11844

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn...

6.1 CVSS

6.4 AI Score

0.001 EPSS

2019-05-14 06:29 PM
45

CVE-2019-11845

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2019-05-14 06:29 PM
42

CVE-2018-16185

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2...

7.8 CVSS

8.8 AI Score

0.001 EPSS

2019-01-09 11:29 PM
18

CVE-2018-16188

SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2019-01-09 11:29 PM
21

CVE-2018-16186

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2019-01-09 11:29 PM
30

CVE-2018-16184

RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified...

9.8 CVSS

9.7 AI Score

0.003 EPSS

2019-01-09 11:29 PM
20

CVE-2018-16187

The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller...

5.9 CVSS

7.4 AI Score

0.001 EPSS

2019-01-09 11:29 PM
18

CVE-2018-18006

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed...

9.8 CVSS

9 AI Score

0.007 EPSS

2018-12-14 03:29 PM
29

CVE-2018-17316

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
23

CVE-2018-17315

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
21

CVE-2018-17313

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.003 EPSS

2018-09-26 10:29 PM
44

CVE-2018-17309

On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
27

CVE-2018-17312

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
24

CVE-2018-17314

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
24

CVE-2018-17310

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.003 EPSS

2018-09-26 10:29 PM
38

CVE-2018-17311

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-26 10:29 PM
23

CVE-2018-17002

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-21 05:29 PM
17

CVE-2018-17001

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2018-09-21 05:29 PM
17

CVE-2018-15884

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2018-08-28 07:29 PM
43

CVE-2012-5002

Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP...

8.3 AI Score

0.614 EPSS

2012-09-19 07:55 PM
16