CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18006

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile20.82th
PublishedDec 14, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

Affected Platforms (CPE)

πŸ“¦
Ricoh

Myprint

= 2.2.7
πŸ“¦
Ricoh

Myprint

= 2.9.2.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html
πŸ”— http://seclists.org/fulldisclosure/2018/Nov/46
πŸ”— http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html
πŸ”— http://seclists.org/fulldisclosure/2018/Nov/46

Related Vulnerabilities

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...