Specific Ricoh MFP and Printer Products - a server-side request forgery vulnerability(CVE-2023-50733) , a firmware downgrade prevention vulnerability(CVE-2023-50738) and a buffer overflow vulnerability(CVE-2023-50739)
First published: 02:00 pm on April 19, 2024 (2024-04-19T13:00:00+09:00)
Ricoh Company, Ltd.
Ricoh has identified a server-side request forgery vulnerability(CVE-2023-50733) , a firmware downgrade prevention vulnerability(CVE-2023-50738) and a buffer overflow vulnerability(CVE-2023-50739) towards Ricoh printers.
List 1 below shows the affected printers. Ricoh offers countermeasures detailed in the hyperlinked pages in the list.
CVE-2023-50733:Server-Side Request Forgery (SSRF) vulnerability in the Web Services feature that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50738:Firmware downgrade prevention vulnerability that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50739:Buffer overflow vulnerability in the Internet Printing Protocol (IPP) that can be leveraged by an attacker to execute arbitrary code.
Vulnerability Information ID | ricoh-2024-000003 |
Version | 1.00E |
CVE ID(CWE ID) | CVE-2023-50733 (CWE-918, CWE-20) CVE-2023-50738 (CWE-354, CWE-1328) CVE-2023-50739 (CWE-122) |
CVSSv3 score | 8.8 CRITICAL |
List 1: Ricoh products and services affected by this vulnerability
Product/service | Link to details |
P C200W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000003 |
P C200W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000003 |
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
History:
2024-04-19T13:00:00+09:00 : 1.00E Initial public release
News
Keep up to date
- 02Oct
Ricoh Asia Pacific Establishes Malaysia Hub for Digital Transformation
- 19Sep
Ricoh and LG Announce Global Partnership to Enhance Workplace Experience Solutions
- 18Sep
New RICOH Pro 8400(S) series sets new standards in reliability and sustainability in the production market
- 06Aug
Ricoh Achieves 'Gold Provider' Partner Status with CISCO in the Asia-Pacific Region