Main content

Notice on potential impact of "Cross-site scripting vulnerable" (CVE-2022-37406) towards MP C401SP/C401SRSP(The model with Smart Operation Panel)

First published: 07:00 am on January 23, 2025 (2025-01-23T16:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Cross-site scripting vulnerable" (CVE-2022-37406) affects MP C401SP/C401SRSP(The model with Smart Operation Panel).

 

Ricoh offers measures detailed below.

  • Advisory ID
    ricoh-prod000256-2023-000006
  • Version
    1.00E
  • CVE ID (CWE ID)
  • CVSSv3 base score
    4.8MEDIUM

Potential impact

Arbitrary scripts may be executed on the web browser of a user who is logged in with administrative privileges.

Affected components and versions

Products or Services Components Versions
MP C401SP/C401SRSP(The model with Smart Operation Panel) Firmware Web Support 2.04 or earlier

How to view the firmware version:
1. Access Web Image Monitor from your browser.
https://""IP address or hostname of the device""
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Device Settings > Firmware Update

Resolution

Please download the updated firmware at the following links:
https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mpc401/mpc401.htm


Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :
2025-01-23T16:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000256-2023-000006
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.