ricoh CVE Vulnerabilities & CVE List (43)

Products (CPE): — CVEs: 43

ricoh vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ricoh-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk memory corruption, vendor risk sql injection, and vendor risk open redirect and related problems; some flaws may lead to vendor impact memory corruption and vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

Showing 120 of 43 CVEs
«« First « Prev Page 1 / 3 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-30759 The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. [email protected] 7.8 0.06% 2023-06-19 2026-06-17
CVE-2022-43969 Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. [email protected] 9.1 0.54% 2023-02-16 2026-06-17
CVE-2022-37406 Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [email protected] 4.8 0.60% 2022-12-06 2026-06-17
CVE-2022-36403 Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. [email protected] 7.8 0.20% 2022-09-08 2026-06-17
CVE-2021-33945 RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. [email protected] 9.8 1.82% 2022-02-15 2026-06-16
CVE-2019-20001 An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. [email protected] 7.8 0.31% 2020-08-04 2026-06-16
CVE-2019-14310 Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets [email protected] 9.8 1.92% 2020-03-13 2026-06-16
CVE-2019-14309 Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. [email protected] 7.5 1.20% 2020-03-13 2026-06-16
CVE-2019-14303 Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. [email protected] 7.5 1.25% 2020-03-13 2026-06-16
CVE-2019-14299 Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. [email protected] 9.8 1.41% 2020-03-13 2026-06-16
CVE-2019-19363 An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version [email protected] 7.8 4.57% 2020-01-24 2026-06-16
CVE-2019-14306 Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). [email protected] 7.5 1.41% 2020-01-10 2026-06-16
CVE-2019-14304 Ricoh SP C250DN 1.06 devices allow CSRF. [email protected] 8.8 0.71% 2020-01-10 2026-06-16
CVE-2019-14302 On Ricoh SP C250DN 1.06 devices, a debug port can be used. [email protected] 6.8 0.37% 2020-01-10 2026-06-16
CVE-2019-14301 Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). [email protected] 7.5 1.41% 2020-01-10 2026-06-16
CVE-2019-7751 A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. [email protected] 7.5 14.21% 2019-12-31 2026-06-16
CVE-2019-6021 Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. [email protected] 6.1 0.85% 2019-12-26 2026-06-16
CVE-2019-18203 On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. [email protected] 6.1 0.80% 2019-10-21 2026-06-16
CVE-2019-14307 Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is c [email protected] 8.8 3.04% 2019-08-26 2026-06-16
CVE-2019-14305 Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*: [email protected] 8.8 3.04% 2019-08-26 2026-06-16
«« First « Prev Page 1 / 3 Next »
cvelogic Threat Intelligence