Ricoh has identified vulnerabilities in the PostScript interpreter (CVE-2024-11344, CVE-2024-11345, CVE-2024-11346, CVE-2024-11347) and the embedded web server (CVE-2025-1127) in M C240FW.
Ricoh offers the measures detailed below.
These vulnerabilities allow arbitrary code to be executed remotely.
Products or Services | Components | Versions |
---|---|---|
M C240FW | Firmware | Ver.1.12(230.329) or earlier |
Do the following to determine the firmware version of the device:
1. Select the following from the operation panel.
Settings → Reports → Menu Setting Page
2. Check the firmware level listed under “Device Information”.
Please download the updated firmware at the following link:
https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mc240fw/mc240fw.htm
Fixed version: Ver.1.13
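For sites with more than one M C240FW, the version comparison can be scripted once the firmware levels have been collected from each Menu Setting Page. The following is an added example, not part of Ricoh's advisory; it assumes the strings follow the `Ver.1.12(230.329)` form shown in the table and that the parenthesised build number compares numerically, and the hostnames and inventory are constructed sample values.

```python
import re

# Version boundaries quoted from the advisory.
LAST_AFFECTED = "Ver.1.12(230.329)"
FIXED = "Ver.1.13"

# Accepts "Ver.1.12(230.329)", "1.12(230.329)" or "Ver.1.13".
_VERSION = re.compile(
    r"^\s*(?:Ver\.?\s*)?(\d+)\.(\d+)(?:\((\d+)\.(\d+)\))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Return ((major, minor), build); build is a tuple or None. None if unparseable."""
    m = _VERSION.match(text)
    if m is None:
        return None
    release = (int(m.group(1)), int(m.group(2)))
    build = (int(m.group(3)), int(m.group(4))) if m.group(3) else None
    return release, build


def classify(text):
    """Classify one firmware string as affected, fixed, verify or unparsed."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    release, build = parsed
    affected_release, affected_build = parse_version(LAST_AFFECTED)
    fixed_release, _ = parse_version(FIXED)
    if release >= fixed_release:
        return "fixed"
    if release < affected_release:
        return "affected"
    # Same release as the last affected one: compare builds (assumed numeric).
    # A missing build is treated as affected, the conservative reading.
    if release == affected_release and (build is None or build <= affected_build):
        return "affected"
    return "verify"  # newer build than the advisory names, but below the fix


def triage(inventory):
    """Map each host to its status; inventory is {host: firmware string}."""
    return {host: classify(fw) for host, fw in inventory.items()}


# Constructed inventory: hostnames and firmware strings are sample values.
SAMPLE = {"prn-01": "Ver.1.12(230.329)", "prn-02": "Ver.1.13", "prn-03": "unknown"}
```

A `verify` result means the string falls between the last affected build and the fixed version, which the advisory does not classify, so the device should be checked by hand or simply updated.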
Workaround for CVE-2025-1127:
Setting an administrative password on the device (as prompted to do so during initial setup) will prevent an untrusted user from exploiting the vulnerability.
Ricoh recommends a firmware update if your device has affected firmware.
Please contact your local Ricoh representative or dealer if you have any queries.
The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2025-000003
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.