cvelistv5 - CVE-2018-16185

CVE-2018-16185 (GCVE-0-2018-16185)

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 10:17

Severity ?

CWE

Firmware file is not signed

Summary

References

URL

	Vendor	Product	Version
	RICOH COMPANY, LTD.	RICOH Interactive Whiteboard	Version: D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

CVE-2018-16185

Vulnerability from jvndb

Published

2018-11-27 15:26

Modified

2019-08-27 17:01

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in RICOH Interactive Whiteboard

Details

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN55263945/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16184
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16185
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16186
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16187
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16188
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Ricoh Co., Ltd	RICOH Interactive Whiteboard D2200
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5520
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D7500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D8400

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "dc:date": "2019-08-27T17:01+09:00",
  "dcterms:issued": "2018-11-27T15:26+09:00",
  "dcterms:modified": "2019-08-27T17:01+09:00",
  "description": "RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.\r\n* Command injection (CWE-94) - CVE-2018-16184\r\n* Missing file signature - CVE-2018-16185\r\n* Hard-coded credentials for the administrator settings screen - CVE-2018-16186\r\n* The server certificate is self-signed - CVE-2018-16187\r\n* SQL injection (CWE-89) - CVE-2018-16188\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:ricoh:d2200_firmware",
      "@product": "RICOH Interactive Whiteboard D2200",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5500_firmware",
      "@product": "RICOH Interactive Whiteboard D5500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5510_firmware",
      "@product": "RICOH Interactive Whiteboard D5510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5520_firmware",
      "@product": "RICOH Interactive Whiteboard D5520",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6500_firmware",
      "@product": "RICOH Interactive Whiteboard D6500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6510_firmware",
      "@product": "RICOH Interactive Whiteboard D6510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d7500_firmware",
      "@product": "RICOH Interactive Whiteboard D7500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d8400_firmware",
      "@product": "RICOH Interactive Whiteboard D8400",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000124",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN55263945/index.html",
      "@id": "JVN#55263945",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in RICOH Interactive Whiteboard"
}

fkie_cve-2018-16185

Vulnerability from fkie_nvd

Published

2019-01-09 23:29

Modified

2024-11-21 03:52

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory

Impacted products

Vendor	Product	Version
ricoh	d2200_firmware	*
ricoh	d2200	-
ricoh	d5500_firmware	*
ricoh	d5500	-
ricoh	d5510_firmware	*
ricoh	d5510	-
ricoh	d5520_firmware	*
ricoh	d5520_firmware	*
ricoh	d5520	-
ricoh	d6500_firmware	*
ricoh	d6500	-
ricoh	d6510_firmware	*
ricoh	d6510_firmware	*
ricoh	d6510	-
ricoh	d7500_firmware	*
ricoh	d7500_firmware	*
ricoh	d7500	-
ricoh	d8400_firmware	*
ricoh	d8400_firmware	*
ricoh	d8400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F1C6FF-7BE4-4F12-8F2E-4A1546922B06",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43293871-70F7-4B1D-956F-9308A860FC85",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2558C7C-403A-4C2B-B4B5-1AC935DB4514",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E56838-5CF4-4997-BCAD-684F8EA3E107",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF248D11-33E3-46CB-89AD-DBE4E5BF53ED",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09B5005-77BE-4F68-A7CE-F1D59DAD065C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA1E26D-CFBB-4751-AEEA-6C613F32C7E8",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC034CC4-E2DB-4BEC-9137-E763B45116DA",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4CA9708-C251-4278-983F-B3FA1787B11D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC04F5B0-B090-4677-9AE5-45BF6D281967",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5848E96E-331B-4157-93B0-9DCB6B4B5A6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F770D0-76C7-43C0-84A8-01D2CFCBF973",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E74C181-711B-4695-9BB6-56706A8777E0",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DDE0143-ADE4-41E1-8884-2010B7E3EC95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E0791E-F5E1-4606-905B-840271021001",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63DFC5DE-09B2-4CF9-9443-FC64CC3C35CE",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD5552E-8242-4E70-8BDD-58D16FF53ABE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F41C6567-0EAE-43DF-8DB0-477A1B7F5670",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBE1D9A-5A49-46F6-84CB-31DDAA80505F",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB2BD85-80E2-4225-8100-446B9F2BA053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program."
    },
    {
      "lang": "es",
      "value": "RICOH Interactive Whiteboard D2200, desde la V1.1 hasta la V2.2; D5500, desde la V1.1 hasta la V2.2; D5510, desde la V1.1 hasta la V2.2; las versiones con pantalla de RICOH Interactive Whiteboard Controller Type1, desde la V1.1 hasta la V2.2 (D5520, D6500, D6510, D7500, D8400) y las versiones con pantalla de RICOH Interactive Whiteboard Controller Type2, desde la V3.0 hasta la V3.1.10137.0 (D5520, D6510, D7500, D8400), permiten que atacantes remotos ejecuten un programa malicioso."
    }
  ],
  "id": "CVE-2018-16185",
  "lastModified": "2024-11-21T03:52:14.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.090",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201901-0831

Vulnerability from variot

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh's multi-function printers. There are security vulnerabilities in several RICOHInteractiveWhiteboard products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0831",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "d6500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d2200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d2200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d5500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d5520",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d6510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d7500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d8400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d6510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5520",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d7500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d8400",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ricoh:d2200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5510_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5520_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d6500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d6510_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d7500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d8400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      }
    ]
  },
  "cve": "CVE-2018-16185",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-16185",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-24467",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-16185",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 5.0,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16185",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-24467",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-736",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh\u0027s multi-function printers. There are security vulnerabilities in several RICOHInteractiveWhiteboard products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN55263945",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "id": "VAR-201901-0831",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      }
    ],
    "trust": 1.5166667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:00:08.958000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RICOH COMPANY, LTD. website",
        "trust": 0.8,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "title": "Patches for multiple RICOHInteractiveWhiteboard product code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/146113"
      },
      {
        "title": "Multiple RICOH Interactive Whiteboard Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87001"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-89",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-94",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://jvn.jp/en/jp/jvn55263945/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16188"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16188"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000124.html"
      },
      {
        "trust": 0.6,
        "url": "https://jvn.jp/en/jp/jvn55263945/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2018-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "date": "2019-01-09T23:29:04.090000",
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-24467"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2019-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      },
      {
        "date": "2024-11-21T03:52:14.860000",
        "db": "NVD",
        "id": "CVE-2018-16185"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in RICOH Interactive Whiteboard",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-736"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-16185

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-16185

Aliases

CVE-2018-16185

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16185",
    "description": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.",
    "id": "GSD-2018-16185"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16185"
      ],
      "details": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.",
      "id": "GSD-2018-16185",
      "modified": "2023-12-13T01:22:25.780475Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16185",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RICOH Interactive Whiteboard",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "RICOH COMPANY, LTD."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Firmware file is not signed"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#55263945",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "name": "https://www.ricoh.com/info/2018/1127_1.html",
            "refsource": "MISC",
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16185"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            },
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-02-04T16:46Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

ghsa-qfr6-2887-wq9v

Vulnerability from github

Published

2022-05-14 01:37

Modified

2022-05-14 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.",
  "id": "GHSA-qfr6-2887-wq9v",
  "modified": "2022-05-14T01:37:05Z",
  "published": "2022-05-14T01:37:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16185"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2018-24467

Vulnerability from cnvd

Title

多款RICOH Interactive Whiteboard产品代码执行漏洞

Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在安全漏洞。远程攻击者可利用该漏洞执行经过修改的程序。

Severity

中

Patch Name

多款RICOH Interactive Whiteboard产品代码执行漏洞的补丁

Patch Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在安全漏洞。远程攻击者可利用该漏洞执行经过修改的程序。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://www.ricoh.com/info/2018/1127_1.html

Reference

https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html https://jvn.jp/en/jp/JVN55263945/

Impacted products

Name
['Ricoh RICOH Interactive Whiteboard D2200 >=1.1，<=V2.2', 'Ricoh RICOH Interactive Whiteboard D5500 >=1.1，<=V2.2', 'Ricoh RICOH Interactive Whiteboard D5510 >=1.1，<=V2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16185"
    }
  },
  "description": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\n\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u7ecf\u8fc7\u4fee\u6539\u7684\u7a0b\u5e8f\u3002",
  "discovererName": "Ricoh",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://www.ricoh.com/info/2018/1127_1.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24467",
  "openTime": "2018-12-04",
  "patchDescription": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u7ecf\u8fc7\u4fee\u6539\u7684\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ricoh RICOH Interactive Whiteboard D2200 \u003e=1.1\uff0c\u003c=V2.2",
      "Ricoh RICOH Interactive Whiteboard D5500 \u003e=1.1\uff0c\u003c=V2.2",
      "Ricoh RICOH Interactive Whiteboard D5510 \u003e=1.1\uff0c\u003c=V2.2"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html\r\nhttps://jvn.jp/en/jp/JVN55263945/",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-29",
  "title": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16185 (GCVE-0-2018-16185)

Vulnerability from cvelistv5

CVE-2018-16185

Vulnerability from jvndb

fkie_cve-2018-16185

Vulnerability from fkie_nvd

var-201901-0831

Vulnerability from variot

gsd-2018-16185

Vulnerability from gsd

ghsa-qfr6-2887-wq9v

Vulnerability from github

cnvd-2018-24467

Vulnerability from cnvd

Tags

Sightings

Nomenclature