Vulnerabilities (CVE)

Filtered by vendor Ricoh Subscribe
Filtered by product Sp C250sf
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33945 1 Ricoh 132 Aficio Sp 3500sf, Aficio Sp 3500sf Firmware, M 2700 and 129 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
CVE-2019-14310 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets
CVE-2019-14309 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.
CVE-2019-14308 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
CVE-2019-14307 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 7.5 HIGH 8.8 HIGH
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
CVE-2019-14306 1 Ricoh 96 M 2700, M 2700 Firmware, M 2701 and 93 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).
CVE-2019-14305 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 7.5 HIGH 8.8 HIGH
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
CVE-2019-14304 1 Ricoh 104 M 2700, M 2700 Firmware, M 2701 and 101 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Ricoh SP C250DN 1.06 devices allow CSRF.
CVE-2019-14303 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability.
CVE-2019-14302 1 Ricoh 121 M 2700, M 2700 Firmware, M 2701 and 118 more 2024-11-21 7.2 HIGH 6.8 MEDIUM
On Ricoh SP C250DN 1.06 devices, a debug port can be used.
CVE-2019-14301 1 Ricoh 104 M 2700, M 2700 Firmware, M 2701 and 101 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).
CVE-2019-14300 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
CVE-2019-14299 1 Ricoh 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.