Vulnerability Description
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ricoh | Sp C250Sf Firmware | All versions |
| Ricoh | Sp C250Sf | - |
| Ricoh | Sp C252Sf Firmware | All versions |
| Ricoh | Sp C252Sf | - |
| Ricoh | Sp C250Dn Firmware | 1.05 |
| Ricoh | Sp C250Dn | - |
| Ricoh | Sp C252Dn Firmware | All versions |
| Ricoh | Sp C252Dn | - |
Related Weaknesses (CWE)
References
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
- https://www.ricoh-usa.com/en/support-and-downloadVendor Advisory
- https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
- https://www.ricoh-usa.com/en/support-and-downloadVendor Advisory
FAQ
What is CVE-2019-14309?
CVE-2019-14309 is a vulnerability with a CVSS score of 7.5 (HIGH). Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored...
How severe is CVE-2019-14309?
CVE-2019-14309 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14309?
Check the references section above for vendor advisories and patch information. Affected products include: Ricoh Sp C250Sf Firmware, Ricoh Sp C250Sf, Ricoh Sp C252Sf Firmware, Ricoh Sp C252Sf, Ricoh Sp C250Dn Firmware.