Vulnerabilites related to Ricoh Co., Ltd - SP C250DN
jvndb-2019-000058
Vulnerability from jvndb
Published
2019-09-13 14:29
Modified
2020-02-25 17:27
Severity ?
Summary
Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)
Details
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000058.html",
"dc:date": "2020-02-25T17:27+09:00",
"dcterms:issued": "2019-09-13T14:29+09:00",
"dcterms:modified": "2020-02-25T17:27+09:00",
"description": "Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. \r\n* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300 \r\n* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305 \r\n* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307 \r\n* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308 \r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000058.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000058",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN11708203/index.html",
"@id": "JVN#11708203",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14300",
"@id": "CVE-2019-14300",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14305",
"@id": "CVE-2019-14305",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14307",
"@id": "CVE-2019-14307",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14308",
"@id": "CVE-2019-14308",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14300",
"@id": "CVE-2019-14300",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14305",
"@id": "CVE-2019-14305",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14307",
"@id": "CVE-2019-14307",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14308",
"@id": "CVE-2019-14308",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)"
}
jvndb-2019-014137
Vulnerability from jvndb
Published
2020-02-25 15:44
Modified
2020-02-25 15:44
Severity ?
Summary
Improper Access Control Vulnerability in RICOH printers
Details
Multiple RICOH printers contain Improper Access Control (CWE-284).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ► | Vendor | Product | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014137.html",
"dc:date": "2020-02-25T15:44+09:00",
"dcterms:issued": "2020-02-25T15:44+09:00",
"dcterms:modified": "2020-02-25T15:44+09:00",
"description": "Multiple RICOH printers contain Improper Access Control (CWE-284).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014137.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_330dn_firmware",
"@product": "SP 330DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710dn_firmware",
"@product": "SP 3710DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710sf_firmware",
"@product": "SP 3710SF firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c260dnw_firmware",
"@product": "SP C260DNw firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014137",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14302",
"@id": "CVE-2019-14302",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14302",
"@id": "CVE-2019-14302",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Improper Access Control Vulnerability in RICOH printers"
}
jvndb-2019-014138
Vulnerability from jvndb
Published
2020-02-25 15:47
Modified
2020-02-25 15:47
Severity ?
Summary
Improper Authentication Vulnerability in RICOH printers
Details
Multiple RICOH printers contain Improper Authentication Vulnerability (CWE-287).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
| ► | Vendor | Product | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014138.html",
"dc:date": "2020-02-25T15:47+09:00",
"dcterms:issued": "2020-02-25T15:47+09:00",
"dcterms:modified": "2020-02-25T15:47+09:00",
"description": "Multiple RICOH printers contain Improper Authentication Vulnerability (CWE-287).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014138.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:sp_330dn_firmware",
"@product": "SP 330DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710dn_firmware",
"@product": "SP 3710DN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_3710sf_firmware",
"@product": "SP 3710SF firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c260dnw_firmware",
"@product": "SP C260DNw firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014138",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14306",
"@id": "CVE-2019-14306",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14306",
"@id": "CVE-2019-14306",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Improper Authentication Vulnerability in RICOH printers"
}
jvndb-2019-014136
Vulnerability from jvndb
Published
2020-02-25 14:02
Modified
2020-02-25 14:02
Severity ?
Summary
Information Disclosure Vulnerability in RICOH printers
Details
Multiple RICOH printers contain Information Disclosure (CWE-200).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014136.html",
"dc:date": "2020-02-25T14:02+09:00",
"dcterms:issued": "2020-02-25T14:02+09:00",
"dcterms:modified": "2020-02-25T14:02+09:00",
"description": "Multiple RICOH printers contain Information Disclosure (CWE-200).\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014136.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:m_c250fwb_firmware",
"@product": "M C250FWB firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:m_c250fw_firmware",
"@product": "M C250FW firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c300w_firmware",
"@product": "P C300W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c301w_firmware",
"@product": "P C301W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014136",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14301",
"@id": "CVE-2019-14301",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14301",
"@id": "CVE-2019-14301",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Information Disclosure Vulnerability in RICOH printers"
}
jvndb-2019-014031
Vulnerability from jvndb
Published
2020-02-25 14:06
Modified
2020-02-25 14:06
Severity ?
Summary
Cross-site Request Forgery Vulnerability in RICOH printers
Details
Multiple RICOH printers contain Cross-site Request Forgery (CWE-352).
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014031.html",
"dc:date": "2020-02-25T14:06+09:00",
"dcterms:issued": "2020-02-25T14:06+09:00",
"dcterms:modified": "2020-02-25T14:06+09:00",
"description": "Multiple RICOH printers contain Cross-site Request Forgery (CWE-352). \r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014031.html",
"sec:cpe": [
{
"#text": "cpe:/o:ricoh:m_c250fwb_firmware",
"@product": "M C250FWB firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:m_c250fw_firmware",
"@product": "M C250FW firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c300w_firmware",
"@product": "P C300W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:p_c301w_firmware",
"@product": "P C301W firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sfn_firmware",
"@product": "SP 330SFN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_330sn_firmware",
"@product": "SP 330SN firmware",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250dn_firmware",
"@product": "SP C250DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c250sf_firmware",
"@product": "SP C250SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252dn_firmware",
"@product": "SP C252DN",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:ricoh:sp_c252sf_firmware",
"@product": "SP C252SF",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-014031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN52962201/index.html",
"@id": "JVN#52962201",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14304",
"@id": "CVE-2019-14304",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-14304",
"@id": "CVE-2019-14304",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cross-site Request Forgery Vulnerability in RICOH printers"
}