CVE-2022-37406
https://notcve.org/view.php?id=CVE-2022-37406
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting en versiones de firmware de Aficio SP 4210N anteriores a Web Support 1.05 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://jvn.jp/en/jp/JVN24659622/index.html https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36403
https://notcve.org/view.php?id=CVE-2022-36403
Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en el instalador de Device Software Manager versiones anteriores a 2.20.3.0, permite a un atacante alcanzar privilegios por medio de una DLL de caballo de Troya en un directorio no especificado • https://jvn.jp/en/jp/JVN44721267/index.html https://www.ricoh.com/software/dev_soft_manager • CWE-426: Untrusted Search Path •
CVE-2021-33945
https://notcve.org/view.php?id=CVE-2021-33945
RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Se ha detectado que los productos de la serie SP de RICOH 320DN, SP 325DNw, SP 320SN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw versión v1.06, contienen un desbordamiento del buffer de pila en el archivo /etc/wpa_supplicant.conf. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de datos desbordados diseñados • https://github.com/Ainevsia/CVE-Request/tree/main/Ricoh/1 https://www.ricoh.com/info/2022/0228_1 • CWE-787: Out-of-bounds Write •
CVE-2019-20001
https://notcve.org/view.php?id=CVE-2019-20001
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. Se detectó un problema en RICOH Streamline NX Client Tool y RICOH Streamline NX PC Client, que permite a atacantes escalar privilegios locales • https://support.ricoh.com/html_gen/util/STREAM/Streamline.html https://www.ricoh-usa.com/en/support-and-download •
CVE-2019-14299
https://notcve.org/view.php?id=CVE-2019-14299
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. Los dispositivos Ricoh SP C250DN versión 1.05, presentan un Método de Autenticación Vulnerable a los Ataques de Fuerza Bruta. Algunas impresoras Ricoh no implementaron el bloqueo de cuentas. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers https://www.ricoh-usa.com/en/support-and-download • CWE-307: Improper Restriction of Excessive Authentication Attempts •