CVE-2019-14304 - Vulnerability Details

Ricoh SP C250DN 1.06 devices allow CSRF.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Key SSVC decision points have not yet been added.

Vendors	Products
Ricoh Subscribe	M 2700 Subscribe M 2700 Firmware Subscribe M 2701 Subscribe M 2701 Firmware Subscribe M C250fw Subscribe M C250fw Firmware Subscribe M C250fwb Subscribe M C250fwb Firmware Subscribe Mp 2014 Subscribe Mp 2014 Firmware Subscribe Mp 2014ad Subscribe Mp 2014ad Firmware Subscribe Mp 2014d Subscribe Mp 2014d Firmware Subscribe P C300w Subscribe P C300w Firmware Subscribe P C301w Subscribe P C301w Firmware Subscribe Sp277nwx Subscribe Sp277nwx Firmware Subscribe Sp 212nw Subscribe Sp 212nw Firmware Subscribe Sp 212sfnw Subscribe Sp 212sfnw \(china\) Subscribe Sp 212sfnw \(china\) Firmware Subscribe Sp 212sfnw Firmware Subscribe Sp 212sfw Subscribe Sp 212sfw Firmware Subscribe Sp 212snw Subscribe Sp 212snw Firmware Subscribe Sp 212suw Subscribe Sp 212suw Firmware Subscribe Sp 212w Subscribe Sp 212w Firmware Subscribe Sp 213nw Subscribe Sp 213nw \(taiwan\) Subscribe Sp 213nw \(taiwan\) Firmware Subscribe Sp 213nw Firmware Subscribe Sp 213sfnw Subscribe Sp 213sfnw \(taiwan\) Subscribe Sp 213sfnw \(taiwan\) Firmware Subscribe Sp 213sfnw Firmware Subscribe Sp 213sfw Subscribe Sp 213sfw Firmware Subscribe Sp 213snw Subscribe Sp 213snw \(taiwan\) Subscribe Sp 213snw \(taiwan\) Firmware Subscribe Sp 213snw Firmware Subscribe Sp 213suw Subscribe Sp 213suw Firmware Subscribe Sp 213w Subscribe Sp 213w Firmware Subscribe Sp 220nw Subscribe Sp 220nw Firmware Subscribe Sp 220sfnw Subscribe Sp 220sfnw Firmware Subscribe Sp 220snw Subscribe Sp 220snw Firmware Subscribe Sp 221 Subscribe Sp 221 Firmware Subscribe Sp 221nw Subscribe Sp 221nw Firmware Subscribe Sp 221s Subscribe Sp 221s Firmware Subscribe Sp 221sf Subscribe Sp 221sf Firmware Subscribe Sp 221sfnw Subscribe Sp 221sfnw Firmware Subscribe Sp 221snw Subscribe Sp 221snw Firmware Subscribe Sp 277sfnwx Subscribe Sp 277sfnwx Firmware Subscribe Sp 277snwx Subscribe Sp 277snwx Firmware Subscribe Sp 330dn Subscribe Sp 330dn Firmware Subscribe Sp 330sfn Subscribe Sp 330sfn Firmware Subscribe Sp 330sn Subscribe Sp 330sn Firmware Subscribe Sp 3710dn Subscribe Sp 3710dn Firmware Subscribe Sp 3710sf Subscribe Sp 3710sf Firmware Subscribe Sp C250dn Subscribe Sp C250dn Firmware Subscribe Sp C250sf Subscribe Sp C250sf Firmware Subscribe Sp C252dn Subscribe Sp C252dn Firmware Subscribe Sp C252sf Subscribe Sp C252sf Firmware Subscribe Sp C260dnw Subscribe Sp C260dnw Firmware Subscribe Sp C260sfnw Subscribe Sp C260sfnw Firmware Subscribe Sp C261dnw Subscribe Sp C261dnw Firmware Subscribe Sp C261sfnw Subscribe Sp C261sfnw Firmware Subscribe Sp C262dnw Subscribe Sp C262dnw Firmware Subscribe Sp C262sfnw Subscribe Sp C262sfnw Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:ricoh:sp_c250sf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c250sf:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ricoh:sp_c252sf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c252sf:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ricoh:sp_c250dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c250dn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ricoh:sp_c252dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c252dn:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ricoh:m_c250fw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:m_c250fw:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ricoh:m_c250fwb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:m_c250fwb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ricoh:p_c300w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:p_c300w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ricoh:p_c301w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:p_c301w:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ricoh:sp_330sn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_330sn:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ricoh:sp_330sfn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_330sfn:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ricoh:sp_330dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_330dn:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ricoh:sp_3710sf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_3710sf:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ricoh:sp_3710dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_3710dn:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ricoh:sp_c260dnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c260dnw:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ricoh:sp_c260sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c260sfnw:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:ricoh:sp_c261dnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c261dnw:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:ricoh:sp_c261sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c261sfnw:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:ricoh:sp_c262sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c262sfnw:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:ricoh:sp_c262dnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_c262dnw:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:ricoh:mp_2014_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:mp_2014:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:ricoh:mp_2014d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:mp_2014d:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:ricoh:mp_2014ad_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:mp_2014ad:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:ricoh:m_2700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:m_2700:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:ricoh:m_2701_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:m_2701:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:ricoh:sp_221s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221s:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:ricoh:sp_220snw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_220snw:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:ricoh:sp_221snw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221snw:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:ricoh:sp_221sf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221sf:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:ricoh:sp_220sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_220sfnw:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:ricoh:sp_221sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221sfnw:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:ricoh:sp_277snwx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_277snwx:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:ricoh:sp_277sfnwx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_277sfnwx:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:ricoh:sp_221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:ricoh:sp_220nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_220nw:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:ricoh:sp_221nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_221nw:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:ricoh:sp277nwx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp277nwx:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:ricoh:sp_212snw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212snw:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:ricoh:sp_212sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212sfnw:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:ricoh:sp_212sfw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212sfw:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:ricoh:sp_212sfnw_\(china\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212sfnw_\(china\):-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:ricoh:sp_212suw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212suw:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:ricoh:sp_213snw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213snw:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:ricoh:sp_213snw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213snw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:ricoh:sp_213suw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213suw:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:ricoh:sp_213sfnw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213sfnw:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:ricoh:sp_213sfw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213sfw:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:ricoh:sp_213sfnw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213sfnw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:ricoh:sp_212nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212nw:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:ricoh:sp_213nw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213nw:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:ricoh:sp_213nw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213nw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:ricoh:sp_212w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_212w:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:ricoh:sp_213w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:sp_213w:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-5531	Ricoh SP C250DN 1.06 devices allow CSRF.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://jvn.jp/en/jp/JVN52962201/index.html
https://www.ricoh.com/info/2019/0823_1/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-10T17:58:30

Updated: 2024-08-05T00:12:43.395Z

Reserved: 2019-07-27T00:00:00

Link: CVE-2019-14304

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-10T18:15:11.507

Modified: 2024-11-21T04:26:27.137

Link: CVE-2019-14304

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object