Cross-site Scripting Vulnerability in Aficio SP 4210N Firmware by Ricoh
CVE-2022-37406

4.8MEDIUM

Key Information:

Vendor

Ricoh Company, Ltd.

Status
Aficio Sp 4210n
Vendor
CVE Published:
7 December 2022

What is CVE-2022-37406?

The Aficio SP 4210N firmware has a cross-site scripting vulnerability that allows remote authenticated attackers with administrative privileges to inject arbitrary scripts. This flaw can lead to unauthorized actions and data exposure, impacting the integrity and confidentiality of user information. It is crucial for users of affected firmware versions to implement the latest updates to mitigate this risk.

Affected Version(s)

Aficio SP 4210N firmware versions prior to Web Support 1.05

References

https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/...
https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history...
https://jvn.jp/en/jp/JVN24659622/index.html

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-37406 : Cross-site Scripting Vulnerability in Aficio SP 4210N Firmware by Ricoh