Change Country/Area Global
  • Home
  • Notice on NAME:WRECK TCP/IP Stack Potential Vulnerabilities
Main content
PAGE TOP

Information

Notice on NAME:WRECK TCP/IP Stack Potential Vulnerabilities

May 4, 2021
Date of current status: May 4, 2021
Ricoh Company, Limited.

Ricoh is aware of the security vulnerabilities known as the “NAME:WRECK” disclosed by the JSOF and ForeScout Research Labs on April 12, 2021. These vulnerabilities could potentially allow a remote hacker to trigger an information leak if a specific TCP/IP stack version is used.

https://www.jsof-tech.com/namewreck-dns-vulnerabilities-disclosed-by-jsof-and-forescout/

https://www.forescout.com/company/blog/forescout-and-jsof-disclose-new-dns-vulnerabilities-impacting-millions-of-enterprise-and-consumer-devices/

The only affected A4-sized multi-function printers confirmed are as following:

Model Name CVE
SG3100 SNw
SG3110 SFNw
SG3120B SFNw		 CVE-2016-20009

THE POTENTIAL VULNERABILITY SUMMARY

The affected printer has potential vulnerabilities which may cause a device stall, memory destruction, network failure, information leak, and being targets of springboard attack.

This vulnerability will not affect devices connected to the customer's network if the network is properly configured against external attacks. Ricoh recommends always using best practices for network protection, including:

  1. When the device is connected to a network, ensure that the network is protected, for example, by a firewall.
  2. Install the device in a secure network where users restrictions are in place.

RESOLUTION

Ricoh will release updated firmware on its driver site as it is available. As information is updated, it will be published here.

WORKAROUND

Until updated firmware is available, please implement the workarounds described here.

For further details on best practices for securely setting up your printer or MFP, please visit here.

| About Ricoh |

Ricoh is empowering digital workplaces using innovative technologies and services enabling individuals to work smarter. For more than 80 years, Ricoh has been driving innovation and is a leading provider of document management solutions, IT services, communications services, commercial and industrial printing, digital cameras, and industrial systems.
Headquartered in Tokyo, Ricoh Group operates in approximately 200 countries and regions. In the financial year ended March 2020, Ricoh Group had worldwide sales of 2,008 billion yen (approx. 18.5 billion USD).
For further information, please visit www.ricoh.com

###

© 2021 RICOH COMPANY, LTD. All rights reserved. All referenced product names are the trademarks of their respective companies.

Back