Hard-Coded Credentials in RICOH Interactive Whiteboards
CVE-2018-16186

8.8HIGH

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Ricoh Interactive Whiteboard
Vendor: CVE Published:; 9 January 2019

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2018-16186?

The RICOH Interactive Whiteboard series, including multiple models such as D2200, D5500, D5510, and others, contains hard-coded credentials that can be exploited. This vulnerability allows attackers on the same network to gain unauthorized access to the administrator settings, potentially enabling them to alter system configurations. Models with RICOH Interactive Whiteboard Controller Type1 and Type2 within specified version ranges are affected, presenting a significant security risk to users.

Affected Version(s)

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

References

https://jvn.jp/en/jp/JVN55263945/index.html

third-party-advisoryx_refsource_JVN

https://www.ricoh.com/info/2018/1127_1.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018