CVE-2024-37124

CRITICAL

Ricoh Streamline NX PC Client - Code Injection

Title source: llm

Description

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.

References (2)

Core 2

Core References

Various Sources

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006

Third Party Advisory

https://jvn.jp/en/jp/JVN00442488/

Scores

CVSS v3 9.8

EPSS 0.0051

EPSS Percentile 39.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (7)

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client and ver.3.6.2.1

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.2.1.19

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.3.1.3

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.3.2.201

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.4.3.1

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.5.1.201 (ver.3.5.1.200op1)

RICOH COMPANY, LTD./Ricoh Streamline NX PC Client ver.3.6.100.53

Published Jun 19, 2024

Tracked Since Feb 18, 2026