Vulnerability Details CVE-2019-14309
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/
- https://www.ricoh-usa.com/en/support-and-download
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/
- https://www.ricoh-usa.com/en/support-and-download
Products affected by CVE-2019-14309
-
cpe:2.3:h:ricoh:sp_c250dn:-
-
cpe:2.3:h:ricoh:sp_c250sf:-
-
cpe:2.3:h:ricoh:sp_c252dn:-
-
cpe:2.3:h:ricoh:sp_c252sf:-
-
cpe:2.3:o:ricoh:sp_c250dn_firmware:1.05
-
cpe:2.3:o:ricoh:sp_c250sf_firmware:-
-
cpe:2.3:o:ricoh:sp_c250sf_firmware:1.13
-
cpe:2.3:o:ricoh:sp_c250sf_firmware:1.15
-
cpe:2.3:o:ricoh:sp_c252dn_firmware:-
-
cpe:2.3:o:ricoh:sp_c252dn_firmware:1.07
-
cpe:2.3:o:ricoh:sp_c252dn_firmware:1.09
-
cpe:2.3:o:ricoh:sp_c252sf_firmware:-
-
cpe:2.3:o:ricoh:sp_c252sf_firmware:1.13
-
cpe:2.3:o:ricoh:sp_c252sf_firmware:1.15