Impact
Ricoh Web Image Monitor, used in multiple laser printers and multi‑function printers, contains an open‑redirect vulnerability (CWE‑601). A specially crafted URL can cause the device's web interface to redirect the user's browser to an arbitrary external site. An attacker can use this behavior to deliver phishing pages or drive users to malicious content, compromising the confidentiality and integrity of user credentials. The vulnerability does not allow arbitrary code execution, but it can lead to social‑engineering attacks that threaten user accounts and sensitive documents.
Affected Systems
The affected products are all Ricoh Company, Ltd. laser printers and multifunction printers that implement the Web Image Monitor web interface. No specific firmware or hardware revision is listed, so all variants that use the Web Image Monitor are potentially impacted.
Risk and Exploitability
The CVSS score of 5.1 indicates a medium level of severity. The EPSS score is not available, but the lack of a known exploit in the CISA KEV catalog suggests the vulnerability has not yet been targeted in large‑scale attacks. The likely attack vector is a web browser accessing a carefully constructed URL on the affected device. An attacker does not need elevated privileges to trigger the redirect; any user who can browse the printer’s web interface is susceptible. Because the redirect target can be any website, phishing or credential‑stealing campaigns can be conducted by redirecting to a cloned login portal. While the direct impact is limited to user deception, the popularity of Ricoh devices in enterprise and educational settings means the potential user base is broad. The absence of public exploits or a formal patch release underscores the importance of monitoring for unusual redirection activity and applying vendor security updates as they become available.
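One way to do the monitoring mentioned above is to scan web proxy logs for 3xx responses from printer hosts whose Location header points off the device. This is an added example, not vendor or OpenCVE code; the log layout, host inventory, paths and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed (hypothetical) proxy log layout, one event per line:
#   timestamp client_ip requested_host method path status location
# "location" is the response Location header, or "-" when absent.
PRINTER_HOSTS = {"printer01.corp.example", "10.20.30.40"}  # constructed inventory

# Constructed sample events; paths are placeholders, not real device URLs.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.1.1.5 printer01.corp.example GET /constructed/a 302 /constructed/login
2024-05-01T09:00:07Z 10.1.1.9 printer01.corp.example GET /constructed/b?u=x 302 https://login.portal.example/
2024-05-01T09:01:12Z 10.1.1.9 10.20.30.40 GET /constructed/c 301 //cdn.other.example/p
2024-05-01T09:02:30Z 10.1.1.7 printer01.corp.example GET /constructed/d 302 http://printer01.corp.example/constructed/e
2024-05-01T09:03:00Z 10.1.1.7 intranet.corp.example GET /home 302 https://sso.corp.example/
2024-05-01T09:04:44Z 10.1.1.8 10.20.30.40 GET /constructed/f 200 -
"""

def redirect_target_host(location, device_host):
    """Return the external host a Location header points to, or None if it stays on the device."""
    if location in ("", "-"):
        return None
    # Browsers treat backslashes like slashes in http(s) URLs, so normalise before parsing.
    target = urlsplit(location.replace("\\", "/")).hostname
    if target is None:          # relative path: stays on the device
        return None
    return None if target.lower() == device_host.lower() else target.lower()

def find_offdevice_redirects(log_text, printer_hosts=PRINTER_HOSTS):
    """Return (timestamp, client, printer, target_host) for 3xx responses that leave the printer."""
    hits = []
    hosts = {h.lower() for h in printer_hosts}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue            # skip malformed lines instead of failing the whole run
        ts, client, host, _method, _path, status, location = fields
        if host.lower() not in hosts or not status.startswith("3"):
            continue
        target = redirect_target_host(location, host)
        if target:
            hits.append((ts, client, host, target))
    return hits

if __name__ == "__main__":
    for hit in find_offdevice_redirects(SAMPLE_LOG):
        print(*hit)
```

Each hit identifies the client that followed the redirect, which is the account to check for credential entry on the external site.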