cvelistv5 - CVE-2018-16186

CVE-2018-16186 (GCVE-0-2018-16186)

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 10:17

Severity ?

CWE

Use of Hard-coded Credentials

Summary

References

URL

	Vendor	Product	Version
	RICOH COMPANY, LTD.	RICOH Interactive Whiteboard	Version: D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

cnvd-2018-24466

Vulnerability from cnvd

Title

多款RICOH Interactive Whiteboard产品限提升漏洞

Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在安全漏洞。攻击者可利用该漏洞登录管理员设置页面，修改配置。

Severity

高

Patch Name

多款RICOH Interactive Whiteboard产品限提升漏洞的补丁

Patch Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在安全漏洞。攻击者可利用该漏洞登录管理员设置页面，修改配置。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://www.ricoh.com/info/2018/1127_1.html

Reference

https://jvn.jp/en/jp/JVN55263945/ https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html

Impacted products

Name
['Ricoh RICOH Interactive Whiteboard D2200 >=1.1，<=V2.2', 'Ricoh RICOH Interactive Whiteboard D5500 >=1.1，<=V2.2', 'Ricoh RICOH Interactive Whiteboard D5510 >=1.1，<=V2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16186"
    }
  },
  "description": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\n\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u767b\u5f55\u7ba1\u7406\u5458\u8bbe\u7f6e\u9875\u9762\uff0c\u4fee\u6539\u914d\u7f6e\u3002",
  "discovererName": "Ricoh",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://www.ricoh.com/info/2018/1127_1.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24466",
  "openTime": "2018-12-04",
  "patchDescription": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u767b\u5f55\u7ba1\u7406\u5458\u8bbe\u7f6e\u9875\u9762\uff0c\u4fee\u6539\u914d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u9650\u63d0\u5347\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ricoh RICOH Interactive Whiteboard D2200 \u003e=1.1\uff0c\u003c=V2.2",
      "Ricoh RICOH Interactive Whiteboard D5500 \u003e=1.1\uff0c\u003c=V2.2",
      "Ricoh RICOH Interactive Whiteboard D5510 \u003e=1.1\uff0c\u003c=V2.2"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN55263945/\r\nhttps://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-29",
  "title": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u9650\u63d0\u5347\u6f0f\u6d1e"
}

ghsa-q857-rfgj-pfxm

Vulnerability from github

Published

2022-05-14 01:37

Modified

2022-05-14 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.",
  "id": "GHSA-q857-rfgj-pfxm",
  "modified": "2022-05-14T01:37:06Z",
  "published": "2022-05-14T01:37:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16186"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-16186

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-16186

Aliases

CVE-2018-16186

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16186",
    "description": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.",
    "id": "GSD-2018-16186"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16186"
      ],
      "details": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration.",
      "id": "GSD-2018-16186",
      "modified": "2023-12-13T01:22:26.328439Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16186",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RICOH Interactive Whiteboard",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "RICOH COMPANY, LTD."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use of Hard-coded Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#55263945",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "name": "https://www.ricoh.com/info/2018/1127_1.html",
            "refsource": "MISC",
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.1.10137.0",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16186"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            },
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-02-04T16:45Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

CVE-2018-16186

Vulnerability from jvndb

Published

2018-11-27 15:26

Modified

2019-08-27 17:01

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in RICOH Interactive Whiteboard

Details

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN55263945/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16184
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16185
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16186
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16187
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16188
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Ricoh Co., Ltd	RICOH Interactive Whiteboard D2200
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5520
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D7500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D8400

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "dc:date": "2019-08-27T17:01+09:00",
  "dcterms:issued": "2018-11-27T15:26+09:00",
  "dcterms:modified": "2019-08-27T17:01+09:00",
  "description": "RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.\r\n* Command injection (CWE-94) - CVE-2018-16184\r\n* Missing file signature - CVE-2018-16185\r\n* Hard-coded credentials for the administrator settings screen - CVE-2018-16186\r\n* The server certificate is self-signed - CVE-2018-16187\r\n* SQL injection (CWE-89) - CVE-2018-16188\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:ricoh:d2200_firmware",
      "@product": "RICOH Interactive Whiteboard D2200",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5500_firmware",
      "@product": "RICOH Interactive Whiteboard D5500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5510_firmware",
      "@product": "RICOH Interactive Whiteboard D5510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5520_firmware",
      "@product": "RICOH Interactive Whiteboard D5520",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6500_firmware",
      "@product": "RICOH Interactive Whiteboard D6500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6510_firmware",
      "@product": "RICOH Interactive Whiteboard D6510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d7500_firmware",
      "@product": "RICOH Interactive Whiteboard D7500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d8400_firmware",
      "@product": "RICOH Interactive Whiteboard D8400",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000124",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN55263945/index.html",
      "@id": "JVN#55263945",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in RICOH Interactive Whiteboard"
}

var-201901-0832

Vulnerability from variot

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh's multi-function printers. There are security vulnerabilities in several RICOHInteractiveWhiteboard products. An attacker can use this vulnerability to log in to the administrator settings page and modify the configuration

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0832",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "d6500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d2200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d2200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d5500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d5520",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "d6510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d7500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d7500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d8400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.0"
      },
      {
        "model": "d8400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d5510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.1"
      },
      {
        "model": "d6510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "3.1.10137.0"
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5520",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d7500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d8400",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.1\u003c=v2.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ricoh:d2200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5510_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d5520_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d6500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d6510_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d7500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ricoh:d8400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      }
    ]
  },
  "cve": "CVE-2018-16186",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-16186",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-24466",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-16186",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 5.0,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16186",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-24466",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-737",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh\u0027s multi-function printers. There are security vulnerabilities in several RICOHInteractiveWhiteboard products. An attacker can use this vulnerability to log in to the administrator settings page and modify the configuration",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16186",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN55263945",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "id": "VAR-201901-0832",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      }
    ],
    "trust": 1.5166667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:00:08.985000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RICOH COMPANY, LTD. website",
        "trust": 0.8,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "title": "A variety of RICOHInteractiveWhiteboard products are limited to the patch to improve the vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/146115"
      },
      {
        "title": "Multiple RICOH Interactive Whiteboard Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-89",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-94",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://jvn.jp/en/jp/jvn55263945/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16188"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16188"
      },
      {
        "trust": 0.6,
        "url": "https://jvn.jp/en/jp/jvn55263945/"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000124.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2018-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "date": "2019-01-09T23:29:04.137000",
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-24466"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2019-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      },
      {
        "date": "2024-11-21T03:52:14.987000",
        "db": "NVD",
        "id": "CVE-2018-16186"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in RICOH Interactive Whiteboard",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-737"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-16186

Vulnerability from fkie_nvd

Published

2019-01-09 23:29

Modified

2024-11-21 03:52

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory

Impacted products

Vendor	Product	Version
ricoh	d2200_firmware	*
ricoh	d2200	-
ricoh	d5500_firmware	*
ricoh	d5500	-
ricoh	d5510_firmware	*
ricoh	d5510	-
ricoh	d5520_firmware	*
ricoh	d5520_firmware	*
ricoh	d5520	-
ricoh	d6500_firmware	*
ricoh	d6500	-
ricoh	d6510_firmware	*
ricoh	d6510_firmware	*
ricoh	d6510	-
ricoh	d7500_firmware	*
ricoh	d7500_firmware	*
ricoh	d7500	-
ricoh	d8400_firmware	*
ricoh	d8400_firmware	*
ricoh	d8400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F1C6FF-7BE4-4F12-8F2E-4A1546922B06",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43293871-70F7-4B1D-956F-9308A860FC85",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2558C7C-403A-4C2B-B4B5-1AC935DB4514",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E56838-5CF4-4997-BCAD-684F8EA3E107",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF248D11-33E3-46CB-89AD-DBE4E5BF53ED",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09B5005-77BE-4F68-A7CE-F1D59DAD065C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA1E26D-CFBB-4751-AEEA-6C613F32C7E8",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC034CC4-E2DB-4BEC-9137-E763B45116DA",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4CA9708-C251-4278-983F-B3FA1787B11D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC04F5B0-B090-4677-9AE5-45BF6D281967",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5848E96E-331B-4157-93B0-9DCB6B4B5A6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F770D0-76C7-43C0-84A8-01D2CFCBF973",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E74C181-711B-4695-9BB6-56706A8777E0",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DDE0143-ADE4-41E1-8884-2010B7E3EC95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E0791E-F5E1-4606-905B-840271021001",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63DFC5DE-09B2-4CF9-9443-FC64CC3C35CE",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD5552E-8242-4E70-8BDD-58D16FF53ABE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F41C6567-0EAE-43DF-8DB0-477A1B7F5670",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBE1D9A-5A49-46F6-84CB-31DDAA80505F",
              "versionEndIncluding": "3.1.10137.0",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB2BD85-80E2-4225-8100-446B9F2BA053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration."
    },
    {
      "lang": "es",
      "value": "RICOH Interactive Whiteboard D2200, desde la V1.1 hasta la V2.2; D5500, desde la V1.1 hasta la V2.2; D5510, desde la V1.1 hasta la V2.2; las versiones con pantalla de RICOH Interactive Whiteboard Controller Type1, desde la V1.1 hasta la V2.2 (D5520, D6500, D6510, D7500, D8400) y las versiones con pantalla de RICOH Interactive Whiteboard Controller Type2, desde la V3.0 hasta la V3.1.10137.0 (D5520, D6510, D7500, D8400), emplean credenciales embebidas, lo que podr\u00eda permitir que un atacante en los mismos segmentos de red inicie sesi\u00f3n en la pantalla de opciones de administrador y cambie la configuraci\u00f3n."
    }
  ],
  "id": "CVE-2018-16186",
  "lastModified": "2024-11-21T03:52:14.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.137",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16186 (GCVE-0-2018-16186)

Vulnerability from cvelistv5

cnvd-2018-24466

Vulnerability from cnvd

ghsa-q857-rfgj-pfxm

Vulnerability from github

gsd-2018-16186

Vulnerability from gsd

CVE-2018-16186

Vulnerability from jvndb

var-201901-0832

Vulnerability from variot

fkie_cve-2018-16186

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature