CVE-2018-17312

Name of the Vulnerable Software and Affected Versions RICOH Aficio MP 301 printer (affected versions not specified)

Description A security issue has been found in the RICOH Aficio MP 301 printer, related to HTML Injection and Stored XSS vulnerabilities. This issue is located in the area of adding addresses via the entryNameIn parameter to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint. The vulnerability exists due to inadequate protection of the web page structure, which could allow a remote attacker to inject arbitrary code into the protected web page.

Recommendations For the RICOH Aficio MP 301 printer, as a temporary workaround, consider disabling access to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint until a patch is available. Restrict the use of the entryNameIn parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.