CVE-2018-17309

Name of the Vulnerable Software and Affected Versions RICOH MP C406Z printer (affected versions not specified)

Description A security issue has been found in the RICOH MP C406Z printer, related to HTML Injection and Stored XSS vulnerabilities. This issue is associated with adding addresses via the entryNameIn parameter to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint. The vulnerability exists due to inadequate protection of the web page structure, which could allow a remote attacker to inject arbitrary code into the protected web page.

Recommendations For the RICOH MP C406Z printer, consider disabling access to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint until a patch is available. Avoid using the entryNameIn parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.