Specific Ricoh MFP and Printer Products - Buffer overflow vulnerability(CVE-2024-47939)in IM 2500/3000/3500/4000/5000/6000

: Last updated: 09:00 am on March 24, 2025 (2025-03-24T18:00:00+09:00); First published: 03:00 am on October 31, 2024 (2024-10-31T12:00:00+09:00); Ricoh Company, Ltd.

Ricoh has identified a buffer overflow vulnerability(CVE-2024-47939) affecting IM 2500/3000/3500/4000/5000/6000

Advisory ID

ricoh-prod000010-2024-000011
Version

1.01E
CVE ID (CWE ID)

CVE-2024-47939 ( CWE-121 )
CVSSv3 base score

7.7HIGH

Potential impact

Receiving a crafted request by a remote third party can lead to a denial of service (DoS) attack or changes to some device settings.

Affected components and versions

Products or Services	Components	Versions
IM 2500/3000/3500/4000/5000/6000	Firmware	Web Support :5.04 or earlier , WebUapl:5.02 or earlier , Printer:7.60 or earlier

How to view the firmware version:

1. Access Web Image Monitor from your browser.

https://"IP address or hostname of the device"

2. Log in with Administrator privileges.

3. Navigate to Device Management > Configuration > Device Settings > Firmware Update

Resolution

Please download the updated firmware at the following link:
https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/im2500/im2500.htm

Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :
2025-03-24T18:00:00+09:00 : 1.01E Updated CVSSv3 base score and Potential impact
2024-10-31T12:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2024-000011 Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.