Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33945 | 1 Ricoh | 132 Aficio Sp 3500sf, Aficio Sp 3500sf Firmware, M 2700 and 129 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
| CVE-2019-14310 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets | |||||
| CVE-2019-14303 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. | |||||
| CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | |||||
| CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. | |||||
| CVE-2019-14302 | 1 Ricoh | 121 M 2700, M 2700 Firmware, M 2701 and 118 more | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
| On Ricoh SP C250DN 1.06 devices, a debug port can be used. | |||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Ricoh SP C250DN 1.06 devices allow CSRF. | |||||
| CVE-2019-14301 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2019-14306 | 1 Ricoh | 96 M 2700, M 2700 Firmware, M 2701 and 93 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | |||||
| CVE-2019-14308 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14307 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14300 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14305 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||