Vulnerabilities (CVE)

Filtered by vendor Ricoh Subscribe
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14300 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
CVE-2019-14299 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
CVE-2019-11845 1 Ricoh 2 Sp 4510dn, Sp 4510dn Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
CVE-2019-11844 1 Ricoh 2 Sp 4520dn, Sp 4520dn Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
CVE-2018-18006 1 Ricoh 1 Myprint 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.
CVE-2018-17316 1 Ricoh 2 Mp C6003, Mp C6003 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17315 1 Ricoh 2 Mp C2003, Mp C2003sp Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17314 1 Ricoh 2 Mp 305\+, Mp 305\+ Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17313 1 Ricoh 2 Mp C307, Mp C307 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17312 1 Ricoh 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17311 1 Ricoh 2 Mp C6503, Mp C6503 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17310 1 Ricoh 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17309 1 Ricoh 2 Mp C406z, Mp C406zspf Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17002 1 Ricoh 2 Mp 2001sp, Mp 2001sp Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-17001 1 Ricoh 2 Sp 4510sf, Sp 4510sf Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVE-2018-16188 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-16187 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.
CVE-2018-16186 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 8.3 HIGH 8.8 HIGH
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.
CVE-2018-16185 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.
CVE-2018-16184 1 Ricoh 16 D2200, D2200 Firmware, D5500 and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.