Cross-site Scripting Vulnerability in Aficio SP 4210N Firmware by Ricoh
CVE-2022-37406

4.8MEDIUM

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Aficio Sp 4210n
Vendor: CVE Published:; 7 December 2022

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2022-37406?

The Aficio SP 4210N firmware has a cross-site scripting vulnerability that allows remote authenticated attackers with administrative privileges to inject arbitrary scripts. This flaw can lead to unauthorized actions and data exposure, impacting the integrity and confidentiality of user information. It is crucial for users of affected firmware versions to implement the latest updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Aficio SP 4210N firmware versions prior to Web Support 1.05

References

https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/...

https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history...

https://jvn.jp/en/jp/JVN24659622/index.html

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2022
Vulnerability Reserved
Nov 14, 2022

JSON

Ricoh Company, Ltd.