CVE-2019-14309

HIGH

Ricoh SP C250DN <1.05 - Info Disclosure

Title source: llm

Description

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.ricoh-usa.com/en/support-and-download

Third Party Advisory x_refsource_misc

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Scores

CVSS v3 7.5

EPSS 0.0120

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-798

Status published

Products (4)

ricoh/sp_c250dn_firmware 1.05

ricoh/sp_c250sf_firmware

ricoh/sp_c252dn_firmware

ricoh/sp_c252sf_firmware

Published Mar 13, 2020

Tracked Since Feb 18, 2026