CVE-2018-16187 Information
Feb 14, 2021
cve
Description
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2 D5500 V1.3 to V2.2 D5510 V1.3 to V2.2 the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520 D6500 D6510 D7500 D8400) and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520 D6510 D7500 D8400) does not verify its server certificates which allows man-in-the-middle attackers to eversdrop on encrypted communication.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://jvn.jp/en/jp/JVN55263945/index.html https://www.ricoh.com/info/2018/1127_1.html
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.9
Share on: