Ricoh Laser Printers and MFPs Vulnerable to Stack-Based Buffer Overflow
CVE-2024-47939

9.8 CRITICAL

What is CVE-2024-47939?

A stack-based buffer overflow vulnerability is present in various Ricoh laser printers and multifunction printers (MFPs) that use the Web Image Monitor feature. An attacker can exploit it by sending specially crafted requests, potentially leading to arbitrary code execution. The flaw exposes affected devices to unauthorized control and can also cause a denial-of-service (DoS) condition, severely impacting the availability and functionality of the devices. Users of these Ricoh products should stay informed and apply the recommended security measures outlined in the vendor advisories.

Affected Version(s)

Multiple laser printers and MFPs which implement Web Image Monitor: see the information provided by the vendor

Multiple MFPs which implement Web Image Monitor: see the information provided by the vendor

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
