CVE-2019-14303
https://notcve.org/view.php?id=CVE-2019-14303
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by an incorrect LPD service implementation that led to a denial-of-service vulnerability. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers https://www.ricoh-usa.com/en/support-and-download
CVE-2019-14309
https://notcve.org/view.php?id=CVE-2019-14309
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers https://www.ricoh-usa.com/en/support-and-download • CWE-798: Use of Hard-coded Credentials
CVE-2019-14310
https://notcve.org/view.php?id=CVE-2019-14310
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets sent to the IPP service will cause a vulnerable device to crash. A memory corruption issue has been identified in the way the embedded device parsed IPP packets. • https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers https://www.ricoh-usa.com/en/support-and-download • CWE-787: Out-of-bounds Write
CVE-2019-19363 – Ricoh Printer Drivers - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-19363
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows local privilege escalation by attackers. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later; PS Driver for Universal Print - Version 4.0 or later; PC FAX Generic Driver - All versions; Generic PCL5 Driver - All versions; RPCS Driver - All versions; PostScript3 Driver - All versions; PCL6 (PCL XL) Driver - All versions; RPCS Raster Driver - All versions. Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected. • https://www.exploit-db.com/exploits/47962 https://www.exploit-db.com/exploits/48036 http://jvn.jp/en/jp/JVN15697526/index.html http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Jan/34 https://www.ricoh.com/info/2020/0122_1 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2019-14301
https://notcve.org/view.php?id=CVE-2019-14301
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). • http://jvn.jp/en/jp/JVN52962201/index.html https://www.ricoh.com/info/2019/0823_1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor