EIP-2026-101948

PRE-CVE

RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101948. PoCs published by Olga Villagran.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in the RICOH Aficio SP 5210SF Printer's web interface. The PoC shows how an attacker can inject malicious HTML code via the 'entryNameIn' parameter in HTTP POST requests to 'adrsGetUser.cgi' and 'adrsSetUser.cgi'.

Description

RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection

Exploits (1)

exploitdb WORKING POC

by Olga Villagran · textwebappshardware

https://www.exploit-db.com/exploits/48164

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in the RICOH Aficio SP 5210SF Printer's web interface. The PoC shows how an attacker can inject malicious HTML code via the 'entryNameIn' parameter in HTTP POST requests to 'adrsGetUser.cgi' and 'adrsSetUser.cgi'.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: RICOH Aficio SP 5210SF Printer

Auth required

Prerequisites: Access to the printer's web interface · Valid session cookies

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026