#VU21114 Buffer overflow in RICOH COMPANY, LTD. products - CVE-2019-14305
Published: September 16, 2019
Vulnerability identifier: #VU21114
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-14305
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
SP C252DN
SP C250DN
SP C252SF
SP C250SF
SP C252DN
SP C250DN
SP C252SF
SP C250SF
Software vendor:
RICOH COMPANY, LTD.
RICOH COMPANY, LTD.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts. A remote authenticated attacker can send a specially crafted requests to the web server, trigger memory corruption and cause a denial of service condition or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.