Vulnerabilities > Ricoh > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-37406 Cross-site Scripting vulnerability in Ricoh Aficio SP 4210N Firmware
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
network
low complexity
ricoh CWE-79
4.8
2020-08-04 CVE-2019-20001 Improper Privilege Management vulnerability in Ricoh Streamline NX Client Tool and Streamline NX PC Client
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
local
low complexity
ricoh CWE-269
4.6
2020-03-13 CVE-2019-14309 Use of Hard-coded Credentials vulnerability in Ricoh products
Ricoh SP C250DN 1.05 devices have a fixed password.
network
low complexity
ricoh CWE-798
5.0
2020-03-13 CVE-2019-14303 Unspecified vulnerability in Ricoh products
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3).
network
low complexity
ricoh
5.0
2020-03-13 CVE-2019-14299 Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks.
network
low complexity
ricoh CWE-307
5.0
2020-01-10 CVE-2019-14302 Unspecified vulnerability in Ricoh products
On Ricoh SP C250DN 1.06 devices, a debug port can be used.
low complexity
ricoh
6.8
2019-12-31 CVE-2019-7751 Path Traversal vulnerability in Ricoh Fusionpro VDP
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files.
network
low complexity
ricoh CWE-22
5.0
2019-12-26 CVE-2019-6021 Open Redirect vulnerability in Ricoh Limedio
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
network
ricoh CWE-601
5.8
2019-10-21 CVE-2019-18203 Cross-site Scripting vulnerability in Ricoh MP 501 Firmware
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2019-05-14 CVE-2019-11845 Cross-site Scripting vulnerability in Ricoh SP 4510Dn Firmware
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
network
ricoh CWE-79
4.3