CVE-2019-14304
high-risk
Published 2020-01-10
Ricoh SP C250DN 1.06 devices allow CSRF.
Do I need to act?
-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Sp C250Sf Firmware
Sp C252Sf Firmware
Sp C250Dn Firmware
Sp C252Dn Firmware
M C250Fw Firmware
M C250Fwb Firmware
P C300W Firmware
P C301W Firmware
Sp 330Sn Firmware
Sp 330Sfn Firmware
Sp 330Dn Firmware
Sp 3710Sf Firmware
Sp 3710Dn Firmware
Sp C260Dnw Firmware
Sp C260Sfnw Firmware
Sp C261Dnw Firmware
Sp C261Sfnw Firmware
Sp C262Sfnw Firmware
Sp C262Dnw Firmware
Mp 2014 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://jvn.jp/en/jp/JVN52962201/index.html
Vendor Advisory
https://www.ricoh.com/info/2019/0823_1/
Third Party Advisory
http://jvn.jp/en/jp/JVN52962201/index.html
Vendor Advisory
https://www.ricoh.com/info/2019/0823_1/
57
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
1/34 · Minimal
Exposure
26/34 · High