Description
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.
Published: 2026-01-09
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

RICOH’s Streamline NX firmware versions 3.5.1 through 24R3 contain an improper authorization flaw that allows an attacker able to conduct a man‑in‑the‑middle attack on the device’s communication channel to craft special requests. When these requests are processed, the device may expose the user’s registration data and OIDC tokens. This vulnerability is classified as CWE‑639 and permits disclosure of sensitive credentials without requiring any legitimate local or remote administrative access.

Affected Systems

The affected systems are the Ricoh Company, Ltd. RICOH Streamline NX devices running firmware versions 3.5.1 to 24R3.

Risk and Exploitability

The flaw carries a CVSS score of 8.2, indicating high severity, but its EPSS score is less than 1%, suggesting that exploitation attempts are currently rare and would need a successful man‑in‑the‑middle position. The vulnerability is not listed in the CISA KEV catalog, indicating that there are no publicly known, actively employed exploits. Attackers would need to intercept traffic between a user and the device, then send crafted requests that bypass the improper authorization checks to retrieve sensitive information.

Generated by OpenCVE AI on April 18, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version that includes the fix for the improper authorization bug, as released by Ricoh.
  • If a patch is not yet available, isolate the device from untrusted networks or enforce secure transport (e.g., TLS, VPN) so that a man‑in‑the‑middle cannot intercept traffic.
  • Implement monitoring for anomalous requests or unauthorized token disclosures on the network connecting to the device to detect potential exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 07:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Title Improper Authorization Allows Retrieval of User Registration Information and OIDC Tokens via Man‑in‑the‑Middle

Fri, 09 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 09 Jan 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Ricoh
Ricoh streamline Nx
Vendors & Products Ricoh
Ricoh streamline Nx

Fri, 09 Jan 2026 07:30:00 +0000

Type Values Removed Values Added
Description Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.
Weaknesses CWE-639
References
Metrics cvssV3_0

{'score': 5.9, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Ricoh Streamline Nx
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-01-09T18:11:55.373Z

Reserved: 2025-12-24T07:24:57.904Z

Link: CVE-2026-21409

cve-icon Vulnrichment

Updated: 2026-01-09T18:11:50.599Z

cve-icon NVD

Status : Deferred

Published: 2026-01-09T08:15:58.297

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-21409

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T07:30:36Z

Weaknesses