Ricoh has identified a server-side request forgery vulnerability (CVE-2023-50733), a firmware downgrade prevention vulnerability (CVE-2023-50738) and a buffer overflow vulnerability (CVE-2023-50739) affecting Ricoh printers.
List 1 below shows the affected printers. Ricoh offers countermeasures detailed in the hyperlinked pages in the list.
CVE-2023-50733: Server-Side Request Forgery (SSRF) vulnerability in the Web Services feature that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50738: Firmware downgrade prevention vulnerability that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50739: Buffer overflow vulnerability in the Internet Printing Protocol (IPP) that can be leveraged by an attacker to execute arbitrary code.
Product/service | Link to details |
---|---|
P C200W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000003 |
M C240FW | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000003 |
Please contact your local Ricoh representative or dealer if you have any queries.
The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000003
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.