CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-18006

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile20.82th
Published2018年12月14日
Last Modified2024年11月21日

Vulnerability Description

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

Affected Platforms (CPE)

📦
Ricoh

Myprint

= 2.2.7
📦
Ricoh

Myprint

= 2.9.2.4

References & Advisories

🔗 http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html
🔗 http://seclists.org/fulldisclosure/2018/Nov/46
🔗 http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html
🔗 http://seclists.org/fulldisclosure/2018/Nov/46

関連する脆弱性情報

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-422910.0

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatc...