Remote Code Execution Vulnerability in RICOH Interactive Whiteboard Products
CVE-2018-16185

7.8HIGH

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Ricoh Interactive Whiteboard
Vendor: CVE Published:; 9 January 2019

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2018-16185?

Certain versions of RICOH Interactive Whiteboard devices, including models D2200, D5500, D5510, and various models using both Controller Type1 and Type2, are susceptible to a remote code execution vulnerability. This allows attackers to potentially execute arbitrary code on the device from a remote location, compromising the integrity and confidentiality of the interactive whiteboard system.

Affected Version(s)

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

References

https://jvn.jp/en/jp/JVN55263945/index.html

third-party-advisoryx_refsource_JVN

https://www.ricoh.com/info/2018/1127_1.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018