Specific Ricoh MFP and Printer Products - a server-side request forgery vulnerability(CVE-2023-50733) , a firmware downgrade prevention vulnerability(CVE-2023-50738) and a buffer overflow vulnerability(CVE-2023-50739)

19 Apr 2024

First published: 02:00 pm on April 19, 2024 (2024-04-19T13:00:00+09:00)
Ricoh Company, Ltd.

Ricoh has identified a server-side request forgery vulnerability(CVE-2023-50733) , a firmware downgrade prevention vulnerability(CVE-2023-50738) and a buffer overflow vulnerability(CVE-2023-50739) towards Ricoh printers.

List 1 below shows the affected printers. Ricoh offers countermeasures detailed in the hyperlinked pages in the list.

CVE-2023-50733：Server-Side Request Forgery (SSRF) vulnerability in the Web Services feature that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50738：Firmware downgrade prevention vulnerability that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50739：Buffer overflow vulnerability in the Internet Printing Protocol (IPP) that can be leveraged by an attacker to execute arbitrary code.

Vulnerability Information ID	ricoh-2024-000003
Version	1.00E
CVE ID(CWE ID)	CVE-2023-50733 (CWE-918, CWE-20) CVE-2023-50738 (CWE-354, CWE-1328) CVE-2023-50739 (CWE-122)
CVSSv3 score	8.8 CRITICAL

List 1: Ricoh products and services affected by this vulnerability

Product/service	Link to details
P C200W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000003
P C200W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000003

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-04-19T13:00:00+09:00 : 1.00E Initial public release

News

Keep up to date

News