CVE-2019-14303

Vulnerability

The vulnerability resides in the line printer daemon (LPD) service implementation of Ricoh SP C250DN printers running firmware version 1.05. The service does not properly handle certain network inputs, leading to a denial of service condition. No authentication or special configuration is required for the vulnerable code path to be reachable.

Exploitation

An unauthenticated attacker with network access to the printer can send crafted LPD protocol packets to the target device. No user interaction or prior authentication is needed. The exact sequence of packets is not publicly documented, but the advisory confirms that the flawed LPD implementation is the attack vector.

Impact

Successful exploitation results in denial of service, rendering the printer unresponsive and unable to process legitimate print jobs. The device may require a power cycle to recover. No data confidentiality or integrity is directly compromised.

Mitigation

As of the publication date, Ricoh has not released a firmware update addressing this vulnerability. Users are advised to restrict network access to the LPD service (port 515) via firewall rules and to monitor the vendor's support page [1] for future patches.