cvelistv5 - CVE-2018-16184

CVE-2018-16184 (GCVE-0-2018-16184)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17

Summary

Severity ?

No CVSS data available.

CWE

OS Command Injection

Assigner

jpcert

References

URL

	Vendor	Product	Version
	RICOH COMPANY, LTD.	RICOH Interactive Whiteboard	Affected: D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)

FKIE_CVE-2018-16184

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN55263945/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ricoh.com/info/2018/1127_1.html	Vendor Advisory

Impacted products

Vendor	Product	Version
ricoh	d2200_firmware	*
ricoh	d2200	-
ricoh	d5500_firmware	*
ricoh	d5500	-
ricoh	d5510_firmware	*
ricoh	d5510	-
ricoh	d5520_firmware	*
ricoh	d5520	-
ricoh	d6500_firmware	*
ricoh	d6500	-
ricoh	d6510_firmware	*
ricoh	d6510	-
ricoh	d7500_firmware	*
ricoh	d7500	-
ricoh	d8400_firmware	*
ricoh	d8400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3F42A4-1425-4B49-B1AD-83DA86744B56",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43293871-70F7-4B1D-956F-9308A860FC85",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF0ABCA-D8A1-4B36-B812-39801E4C69C5",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E56838-5CF4-4997-BCAD-684F8EA3E107",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C3E2C4-BDAF-4AF9-968B-657724690FC8",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09B5005-77BE-4F68-A7CE-F1D59DAD065C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70A94AA2-948E-4B74-9DF6-A0DFF0A128A4",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4CA9708-C251-4278-983F-B3FA1787B11D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7465870D-78A5-47C0-8D31-8ACE35E79168",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5848E96E-331B-4157-93B0-9DCB6B4B5A6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C23809-6F15-4AE6-AAF2-E6F5A398B176",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DDE0143-ADE4-41E1-8884-2010B7E3EC95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7735F80E-9131-42AC-B86F-0EE9E4A33E96",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD5552E-8242-4E70-8BDD-58D16FF53ABE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA9F9CB7-4ACD-4B73-BCEF-1DA7E86EE651",
              "versionEndIncluding": "2.2",
              "versionStartIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB2BD85-80E2-4225-8100-446B9F2BA053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "RICOH Interactive Whiteboard D2200, desde la V1.6 hasta la V2.2; D5500, desde la V1.6 hasta la V2.2; D5510, desde la V1.6 hasta la V2.2; y las versiones con pantalla de RICOH Interactive Whiteboard Controller Type1, desde la V1.6 hasta la V2.2 (D5520, D6500, D6510, D7500, D8400), permiten que atacantes remotos ejecuten comandos arbitrarios mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-16184",
  "lastModified": "2024-11-21T03:52:14.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.043",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-25429

Vulnerability from cnvd - Published: 2018-12-14

Title

多款RICOH Interactive Whiteboard产品命令注入漏洞

Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在命令注入漏洞，远程攻击者可利用该漏洞以管理权限执行任意命令。

Severity

高

Patch Name

多款RICOH Interactive Whiteboard产品命令注入漏洞的补丁

Patch Description

RICOH Interactive Whiteboard D2200等都是日本理光（Ricoh）公司的多功能打印机设备。多款RICOH Interactive Whiteboard产品中存在命令注入漏洞，远程攻击者可利用该漏洞以管理权限执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ricoh.com/info/2018/1127_1.html

Reference

https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html

Impacted products

Name
['Ricoh RICOH Interactive Whiteboard D2200 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5500 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5510 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5520（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D6500（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D6510（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D7500（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D8400（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）']

Name

['Ricoh RICOH Interactive Whiteboard D2200 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5500 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5510 >=1.6，<=2.2', 'Ricoh RICOH Interactive Whiteboard D5520（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D6500（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D6510（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D7500（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）', 'Ricoh RICOH Interactive Whiteboard D8400（RICOH Interactive Whiteboard Controller Type1 1.6版本至2.2版本）']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16184"
    }
  },
  "description": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\n\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ricoh.com/info/2018/1127_1.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25429",
  "openTime": "2018-12-14",
  "patchDescription": "RICOH Interactive Whiteboard D2200\u7b49\u90fd\u662f\u65e5\u672c\u7406\u5149\uff08Ricoh\uff09\u516c\u53f8\u7684\u591a\u529f\u80fd\u6253\u5370\u673a\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ricoh RICOH Interactive Whiteboard D2200 \u003e=1.6\uff0c\u003c=2.2",
      "Ricoh RICOH Interactive Whiteboard D5500 \u003e=1.6\uff0c\u003c=2.2",
      "Ricoh RICOH Interactive Whiteboard D5510 \u003e=1.6\uff0c\u003c=2.2",
      "Ricoh RICOH Interactive Whiteboard D5520\uff08RICOH Interactive Whiteboard Controller Type1 1.6\u7248\u672c\u81f32.2\u7248\u672c\uff09",
      "Ricoh RICOH Interactive Whiteboard D6500\uff08RICOH Interactive Whiteboard Controller Type1 1.6\u7248\u672c\u81f32.2\u7248\u672c\uff09",
      "Ricoh RICOH Interactive Whiteboard D6510\uff08RICOH Interactive Whiteboard Controller Type1 1.6\u7248\u672c\u81f32.2\u7248\u672c\uff09",
      "Ricoh RICOH Interactive Whiteboard D7500\uff08RICOH Interactive Whiteboard Controller Type1 1.6\u7248\u672c\u81f32.2\u7248\u672c\uff09",
      "Ricoh RICOH Interactive Whiteboard D8400\uff08RICOH Interactive Whiteboard Controller Type1 1.6\u7248\u672c\u81f32.2\u7248\u672c\uff09"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-28",
  "title": "\u591a\u6b3eRICOH Interactive Whiteboard\u4ea7\u54c1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GSD-2018-16184

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16184

Aliases

CVE-2018-16184

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16184",
    "description": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.",
    "id": "GSD-2018-16184"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16184"
      ],
      "details": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.",
      "id": "GSD-2018-16184",
      "modified": "2023-12-13T01:22:26.219751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16184",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RICOH Interactive Whiteboard",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "RICOH COMPANY, LTD."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#55263945",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "name": "https://www.ricoh.com/info/2018/1127_1.html",
            "refsource": "MISC",
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16184"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            },
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

GHSA-W2RG-93QG-HRGR

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.",
  "id": "GHSA-w2rg-93qg-hrgr",
  "modified": "2022-05-13T01:50:18Z",
  "published": "2022-05-13T01:50:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16184"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.ricoh.com/info/2018/1127_1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201901-0830

Vulnerability from variot - Updated: 2023-12-18 12:00

RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh's multi-function printers. There are command injection vulnerabilities in several RICOHInteractiveWhiteboard products that can be exploited by remote attackers to enforce arbitrary commands with administrative privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0830",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "d6500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d7500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d5510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d6510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d6510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d2200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d6500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d7500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d8400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d8400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d5500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5510",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "2.2"
      },
      {
        "model": "d5520",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "d2200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "1.6"
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d5520",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d6510",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d7500",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d8400",
        "scope": null,
        "trust": 0.8,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "interactive whiteboard d2200",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.6\u003c=2.2"
      },
      {
        "model": "interactive whiteboard d5500",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.6\u003c=2.2"
      },
      {
        "model": "interactive whiteboard d5510",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.6\u003c=2.2"
      },
      {
        "model": "interactive whiteboard d5520 (ricoh interactive whiteboard controller type1 to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.62.2)"
      },
      {
        "model": "interactive whiteboard d6500 (ricoh interactive whiteboard controller type1 to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.62.2)"
      },
      {
        "model": "interactive whiteboard d6510 (ricoh interactive whiteboard controller type1 to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.62.2)"
      },
      {
        "model": "interactive whiteboard d7500 (ricoh interactive whiteboard controller type1 to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.62.2)"
      },
      {
        "model": "interactive whiteboard d8400 (ricoh interactive whiteboard controller type1 to",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "1.62.2)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.2",
                    "versionStartIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      }
    ]
  },
  "cve": "CVE-2018-16184",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-25429",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-16184",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 5.0,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000124",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16184",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000124",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25429",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-735",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-16184",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184 * A remote attacker may execute an altered program - CVE-2018-16185 * An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186 * A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187 * A remote attacker may obtain or alter the information in the database - CVE-2018-16188 . RICOHInteractiveWhiteboardD2200 and so on are all Ricoh\u0027s multi-function printers. There are command injection vulnerabilities in several RICOHInteractiveWhiteboard products that can be exploited by remote attackers to enforce arbitrary commands with administrative privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16184",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN55263945",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "id": "VAR-201901-0830",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      }
    ],
    "trust": 1.5687500124999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:00:35.492000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RICOH COMPANY, LTD. website",
        "trust": 0.8,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "title": "Patches for multiple RICOHInteractiveWhiteboard product command injection vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/147323"
      },
      {
        "title": "Multiple RICOH Interactive Whiteboard Product Command Injection Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86999"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-89",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-94",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn55263945/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.ricoh.com/info/2018/1127_1.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16188"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16184"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16185"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16186"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16187"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16188"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000124.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "date": "2018-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2019-01-09T23:29:04.043000",
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "date": "2018-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25429"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16184"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-16184"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in RICOH Interactive Whiteboard",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000124"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-735"
      }
    ],
    "trust": 0.6
  }
}

JVNDB-2018-000124

Vulnerability from jvndb - Published: 2018-11-27 15:26 - Updated:2019-08-27 17:01

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in RICOH Interactive Whiteboard

Details

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. * Command injection (CWE-94) - CVE-2018-16184 * Missing file signature - CVE-2018-16185 * Hard-coded credentials for the administrator settings screen - CVE-2018-16186 * The server certificate is self-signed - CVE-2018-16187 * SQL injection (CWE-89) - CVE-2018-16188 RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN55263945/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16184
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16185
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16186
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16187
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16188
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Ricoh Co., Ltd	RICOH Interactive Whiteboard D2200
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D5520
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D6510
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D7500
	Ricoh Co., Ltd	RICOH Interactive Whiteboard D8400

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "dc:date": "2019-08-27T17:01+09:00",
  "dcterms:issued": "2018-11-27T15:26+09:00",
  "dcterms:modified": "2019-08-27T17:01+09:00",
  "description": "RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.\r\n* Command injection (CWE-94) - CVE-2018-16184\r\n* Missing file signature - CVE-2018-16185\r\n* Hard-coded credentials for the administrator settings screen - CVE-2018-16186\r\n* The server certificate is self-signed - CVE-2018-16187\r\n* SQL injection (CWE-89) - CVE-2018-16188\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000124.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:ricoh:d2200_firmware",
      "@product": "RICOH Interactive Whiteboard D2200",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5500_firmware",
      "@product": "RICOH Interactive Whiteboard D5500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5510_firmware",
      "@product": "RICOH Interactive Whiteboard D5510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d5520_firmware",
      "@product": "RICOH Interactive Whiteboard D5520",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6500_firmware",
      "@product": "RICOH Interactive Whiteboard D6500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d6510_firmware",
      "@product": "RICOH Interactive Whiteboard D6510",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d7500_firmware",
      "@product": "RICOH Interactive Whiteboard D7500",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:ricoh:d8400_firmware",
      "@product": "RICOH Interactive Whiteboard D8400",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000124",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN55263945/index.html",
      "@id": "JVN#55263945",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16184",
      "@id": "CVE-2018-16184",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16185",
      "@id": "CVE-2018-16185",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16186",
      "@id": "CVE-2018-16186",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16187",
      "@id": "CVE-2018-16187",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16188",
      "@id": "CVE-2018-16188",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in RICOH Interactive Whiteboard"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16184 (GCVE-0-2018-16184)

FKIE_CVE-2018-16184

CNVD-2018-25429

GSD-2018-16184

GHSA-W2RG-93QG-HRGR

VAR-201901-0830

JVNDB-2018-000124

Tags

Sightings

Nomenclature