CVE-2019-14299

CRITICAL

Ricoh SP C250DN <1.05 - Auth Bypass

Title source: llm

Description

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.ricoh-usa.com/en/support-and-download

Third Party Advisory x_refsource_misc

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Scores

CVSS v3 9.8

EPSS 0.0141

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-307

Status published

Products (4)

ricoh/sp_c250dn_firmware 1.05

ricoh/sp_c250sf_firmware

ricoh/sp_c252dn_firmware

ricoh/sp_c252sf_firmware

Published Mar 13, 2020

Tracked Since Feb 18, 2026