VYPR
Vendor

Ricoh

Products
40
CVEs
58
Across products
64
Status
Private

Products

40
View all 40 products →

Recent CVEs

58
View all 58 CVEs →
  • CVE-2025-46783CriJun 13, 2025
    risk 0.64cvss 9.8epss 0.01

    Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.

  • CVE-2024-37124CriJun 19, 2024
    risk 0.64cvss 9.8epss 0.01

    Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.

  • CVE-2024-36480CriJun 19, 2024
    risk 0.64cvss 9.8epss 0.00

    Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the…

  • CVE-2018-15884HigAug 28, 2018
    risk 0.60cvss 8.8epss 0.03

    RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

  • CVE-2024-39927HigJul 10, 2024
    risk 0.53cvss 8.2epss 0.01

    Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed.

  • CVE-2026-26050HigFeb 20, 2026
    risk 0.51cvss 7.8epss 0.00

    The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed…

  • CVE-2024-47939HigNov 1, 2024
    risk 0.50cvss 7.7epss 0.01

    Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a…

  • CVE-2024-41995HigAug 6, 2024
    risk 0.49cvss 7.5epss 0.01

    Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of…

  • CVE-2018-17313MedSep 26, 2018
    risk 0.43cvss 6.1epss 0.02

    On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17310MedSep 26, 2018
    risk 0.43cvss 6.1epss 0.02

    On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2025-36506MedJun 13, 2025
    risk 0.42cvss 6.5epss 0.00

    External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data.

  • CVE-2024-36252MedJun 19, 2024
    risk 0.41cvss 6.3epss 0.00

    Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.

  • CVE-2019-25324MedFeb 12, 2026
    risk 0.40cvss 6.1epss 0.00

    RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content,…

  • CVE-2025-41393MedMay 12, 2025
    risk 0.40cvss 6.1epss 0.01

    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the…

  • CVE-2018-17316MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17315MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17314MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17312MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17311MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.

  • CVE-2018-17309MedSep 26, 2018
    risk 0.40cvss 6.1epss 0.01

    On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.