CVE-2019-14304

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2019-14304
Ricoh SP C250DN 1.06 devices allow CSRF.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.ricoh.com/info/2019/0823_1/ Vendor Advisory
http://jvn.jp/en/jp/JVN52962201/index.html Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ricoh:sp_c250sf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c250sf:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ricoh:sp_c252sf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c252sf:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ricoh:sp_c250dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c250dn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ricoh:sp_c252dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c252dn:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ricoh:m_c250fw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:m_c250fw:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ricoh:m_c250fwb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:m_c250fwb:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ricoh:p_c300w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:p_c300w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ricoh:p_c301w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:p_c301w:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ricoh:sp_330sn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_330sn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ricoh:sp_330sfn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_330sfn:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ricoh:sp_330dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_330dn:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ricoh:sp_3710sf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_3710sf:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ricoh:sp_3710dn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_3710dn:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:ricoh:sp_c260dnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c260dnw:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:ricoh:sp_c260sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c260sfnw:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:ricoh:sp_c261dnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c261dnw:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:ricoh:sp_c261sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c261sfnw:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:ricoh:sp_c262sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c262sfnw:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:ricoh:sp_c262dnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_c262dnw:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:ricoh:mp_2014_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:mp_2014:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:ricoh:mp_2014d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:mp_2014d:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:ricoh:mp_2014ad_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:mp_2014ad:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:ricoh:m_2700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:m_2700:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:ricoh:m_2701_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:m_2701:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:ricoh:sp_221s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221s:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:ricoh:sp_220snw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_220snw:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:ricoh:sp_221snw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221snw:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:ricoh:sp_221sf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221sf:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:ricoh:sp_220sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_220sfnw:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:ricoh:sp_221sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221sfnw:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:ricoh:sp_277snwx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_277snwx:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:ricoh:sp_277sfnwx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_277sfnwx:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:ricoh:sp_221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:ricoh:sp_220nw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_220nw:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:ricoh:sp_221nw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_221nw:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:ricoh:sp277nwx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp277nwx:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:ricoh:sp_212snw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212snw:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:ricoh:sp_212sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212sfnw:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:ricoh:sp_212sfw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212sfw:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:ricoh:sp_212sfnw_\(china\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212sfnw_\(china\):-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:ricoh:sp_212suw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212suw:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:ricoh:sp_213snw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213snw:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:ricoh:sp_213snw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213snw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:ricoh:sp_213suw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213suw:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:ricoh:sp_213sfnw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213sfnw:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:ricoh:sp_213sfw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213sfw:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND
cpe:2.3:o:ricoh:sp_213sfnw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213sfnw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND
cpe:2.3:o:ricoh:sp_212nw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212nw:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND
cpe:2.3:o:ricoh:sp_213nw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213nw:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND
cpe:2.3:o:ricoh:sp_213nw_\(taiwan\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213nw_\(taiwan\):-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND
cpe:2.3:o:ricoh:sp_212w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_212w:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND
cpe:2.3:o:ricoh:sp_213w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ricoh:sp_213w:-:*:*:*:*:*:*:*
Information

Published : 2020-01-10 10:15

Updated : 2023-02-01 09:13

NVD link : CVE-2019-14304

Mitre link : CVE-2019-14304

JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa
Products Affected

ricoh

  • sp_277sfnwx
  • sp_213snw_\(taiwan\)_firmware
  • sp_330sn_firmware
  • sp_213sfnw_\(taiwan\)_firmware
  • sp_c260sfnw
  • p_c301w_firmware
  • sp_213w_firmware
  • sp_330sfn_firmware
  • m_2701_firmware
  • sp_220sfnw
  • sp_221snw_firmware
  • sp_277sfnwx_firmware
  • p_c300w_firmware
  • sp_221nw_firmware
  • m_c250fw_firmware
  • sp_220sfnw_firmware
  • sp_213nw
  • sp_213snw_\(taiwan\)
  • sp_213suw
  • sp_213nw_\(taiwan\)_firmware
  • sp_c261sfnw_firmware
  • m_2700_firmware
  • sp277nwx
  • sp_221nw
  • sp_212sfnw
  • sp_221_firmware
  • sp_c262sfnw
  • sp_c260dnw
  • sp_213snw_firmware
  • sp_c250dn_firmware
  • sp_221s_firmware
  • mp_2014_firmware
  • sp_3710sf_firmware
  • mp_2014ad
  • p_c301w
  • sp_213sfnw_\(taiwan\)
  • m_c250fw
  • m_c250fwb_firmware
  • sp_220nw
  • sp_213suw_firmware
  • sp_213sfnw_firmware
  • sp_221sfnw_firmware
  • sp_212sfw_firmware
  • p_c300w
  • sp_221sf
  • sp_c261sfnw
  • sp_221sfnw
  • sp_212w_firmware
  • sp_277snwx
  • sp_213sfw_firmware
  • sp_212snw_firmware
  • sp_c250dn
  • sp_213nw_\(taiwan\)
  • sp_220snw_firmware
  • sp_212w
  • sp_212suw
  • sp_330sn
  • sp_221s
  • sp_213nw_firmware
  • sp_c252sf_firmware
  • sp_c261dnw
  • sp_212nw
  • sp_3710sf
  • sp277nwx_firmware
  • sp_c260sfnw_firmware
  • m_2700
  • mp_2014d
  • sp_212sfnw_\(china\)
  • sp_330sfn
  • sp_212sfnw_firmware
  • sp_213snw
  • sp_c262dnw_firmware
  • sp_3710dn_firmware
  • sp_c252dn_firmware
  • sp_220nw_firmware
  • sp_330dn_firmware
  • sp_213sfw
  • sp_c250sf
  • sp_c252sf
  • m_c250fwb
  • sp_212sfw
  • sp_212nw_firmware
  • sp_c262sfnw_firmware
  • sp_c252dn
  • sp_c261dnw_firmware
  • sp_c262dnw
  • sp_220snw
  • sp_3710dn
  • sp_277snwx_firmware
  • mp_2014ad_firmware
  • sp_221snw
  • sp_c260dnw_firmware
  • sp_330dn
  • sp_212suw_firmware
  • mp_2014d_firmware
  • sp_212sfnw_\(china\)_firmware
  • sp_221
  • sp_213w
  • sp_212snw
  • sp_c250sf_firmware
  • sp_221sf_firmware
  • mp_2014
  • sp_213sfnw
  • m_2701