SQL Injection Vulnerability in RICOH Interactive Whiteboard Products
CVE-2018-16188

9.8CRITICAL

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Ricoh Interactive Whiteboard
Vendor: CVE Published:; 9 January 2019

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2018-16188?

An SQL injection vulnerability exists in specific versions of RICOH Interactive Whiteboard products, allowing remote attackers to execute arbitrary SQL commands through unspecified vectors. This vulnerability impacts various models and their associated controllers, enabling unauthorized access to sensitive information stored in the database, potentially leading to further exploitation.

Affected Version(s)

RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)

References

https://jvn.jp/en/jp/JVN55263945/index.html

third-party-advisoryx_refsource_JVN

https://www.ricoh.com/info/2018/1127_1.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018