CVE-2019-14309

Published: Mar 13, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.

Affected (4)

Products: Ricoh: Sp C250sf Firmware, Sp C252sf Firmware, Sp C250dn Firmware, Sp C252dn Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C250sf Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C250sf	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C252sf Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C252sf	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C250dn Firmware	Version 1.05

Running on/with	Platform Versions
Ricoh Sp C250dn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C252dn Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C252dn	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Source: cve@mitre.org

Third Party Advisory

https://www.ricoh-usa.com/en/support-and-download

Source: cve@mitre.org

Vendor Advisory

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ricoh-usa.com/en/support-and-download

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.