CVE-2018-17315

Name of the Vulnerable Software and Affected Versions RICOH MP C2003 printer (affected versions not specified)

Description A security issue has been found in the RICOH MP C2003 printer, related to HTML Injection and Stored XSS vulnerabilities. This issue is located in the area of adding addresses via the entryNameIn parameter to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint. The vulnerability exists due to inadequate protection of the web page structure, which could allow a remote attacker to inject arbitrary code into the protected web page.

Recommendations For the RICOH MP C2003 printer, consider disabling access to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint until a patch is available. Avoid using the entryNameIn parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.