Man-in-the-Middle Vulnerability in RICOH Interactive Whiteboard Products
CVE-2018-16187

5.9MEDIUM

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Ricoh Interactive Whiteboard
Vendor: CVE Published:; 9 January 2019

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2018-16187?

Certain versions of the RICOH Interactive Whiteboard do not properly verify server certificates, allowing potential attackers to intercept and eavesdrop on encrypted communications. This vulnerability affects multiple models and version combinations, posing a risk to the confidentiality and integrity of the data being exchanged.

Affected Version(s)

RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

References

https://jvn.jp/en/jp/JVN55263945/index.html

third-party-advisoryx_refsource_JVN

https://www.ricoh.com/info/2018/1127_1.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018