CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2018-16187
https://notcve.org/view.php?id=CVE-2018-16187
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication. RICOH Interactive Whiteboard D2200, desde la V1.3 hasta la V2.2; D5500, desde la V1.3 hasta la V2.2; D5510, desde la V1.3 hasta la V2.2; las versiones con pantalla de RICOH Interactive Whiteboard Controller Type1, desde la V1.3 hasta la V2.2 (D5520, D6500, D6510, D7500, D8400) y las versiones con pantalla de RICOH Interactive Whiteboard Controller Type2, desde la V3.0 hasta la V3.1.10137.0 (D5520, D6510, D7500, D8400), no verifican sus certificados del servidor, lo que permite que atacantes Man-in-the-Middle (MitM) espíen las comunicaciones cifradas. • https://jvn.jp/en/jp/JVN55263945/index.html https://www.ricoh.com/info/2018/1127_1.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-18006 – Ricoh myPrint Hardcoded Credentials / Information Disclosure
https://notcve.org/view.php?id=CVE-2018-18006
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. Las credenciales embebidas para la aplicación Ricoh myPrint, en versiones 2.9.2.4 para Windows y en versiones 2.2.7 para Android, otorga acceso a cualquier API WSDL de myPrint, tal y como queda demostrado con el descubrimiento de secretos de la API de impresoras Google en la nube, contraseñas cifradas de los servidores mail y los nombres de los archivos impresos. Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. • http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Nov/46 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17316 – RICOH MP C6003 Printer Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17316
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. En la impresora RICOH MP C6003, se han descubierto vulnerabilidades de inyección HTML y Cross-Site Scripting (XSS) persistente en el área de adición de direcciones mediante el parámetro entryNameIn en /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP C6003 printer suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149505/RICOH-MP-C6003-Printer-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17315 – RICOH MP C2003 Printer Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17315
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. En la impresora RICOH MP C2003, se han descubierto vulnerabilidades de inyección HTML y Cross-Site Scripting (XSS) persistente en el área de adición de direcciones mediante el parámetro entryNameIn en /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP C2003 printer suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149502/RICOH-MP-C2003-Printer-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17314 – RICOH MP 305+ Printer Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17314
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. En la impresora RICOH Aficio MP 305+, se han descubierto vulnerabilidades de inyección HTML y Cross-Site Scripting (XSS) persistente en el área de adición de direcciones mediante el parámetro entryNameIn en /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP 305+ printer suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149501/RICOH-MP-305-Printer-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •