Vendor: Web Image Monitor
By: Ismail Tasdelen
N/A
CVSS
N/A
HTML Injection
CWE
Product Name: Web Image Monitor
Affected Version From: v1.09
Affected Version To: v1.09
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2019

RICOH Web Image Monitor 1.09 – HTML Injection

Version 1.09 of RICOH Web Image Monitor is vulnerable to HTML injection in the /web/entry/en/address/adrsSetUserWizard.cgi function. The vulnerability affects all hardware that uses Image Monitor v1.09.

Mitigation:

Unknown

Exploit-DB raw data:

# Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection
# Date: 2019-05-06 
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.ricoh.com/
# Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html
# Software: RICOH Web Image Monitor
# Product Version: v1.09
# Vulnerability Type: Code Injection
# Vulnerability: HTML Injection
# CVE: N/A

# Description :
# It has been discovered that in the v1.09 version of Image Monitor from
# RICOH, HTML Injection can be run on the /web/entry/en/address/adrsSetUserWizard.cgi
# function. This vulnerability affected all hardware that uses the entire
# Image Monitor v1.09.

# Attack Vectors :

You can run HTML Injection on the entryNameIn and entryDisplayNameIn in the corresponding function.
HTML Injection Payload : "><h1>ismailtasdelen
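
Since the advisory lists no patch and no mitigation, one defensive option is to inspect requests at a reverse proxy placed in front of the device. The following is an added example, not part of the original advisory or of RICOH's software: it flags requests to the affected CGI whose entryNameIn or entryDisplayNameIn values contain the characters the published payload relies on. The proxy placement, the form-encoded request body, the decode limit and the sample requests are assumptions.

```python
from urllib.parse import parse_qsl, unquote_plus

# Path and parameter names are taken from the advisory.
TARGET_PATH = "/web/entry/en/address/adrsSetUserWizard.cgi"
WATCHED_FIELDS = ("entryNameIn", "entryDisplayNameIn")
# Characters the published payload needs to close an attribute and open a tag.
MARKUP_CHARS = set('<>"')
MAX_DECODE_ROUNDS = 3  # assumption: tolerate a few layers of percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly so %253C and %3C are both seen as '<'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(path, body):
    """Return {field: decoded value} for watched fields that carry markup."""
    route, _, query = path.partition("?")
    if route != TARGET_PATH:
        return {}
    findings = {}
    # Check both the query string and the form-encoded body.
    for source in (query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            if name in WATCHED_FIELDS:
                decoded = fully_decode(value)
                if MARKUP_CHARS & set(decoded):
                    findings[name] = decoded
    return findings


# Constructed sample requests (path, body); not captured from a real device.
SAMPLE_REQUESTS = [
    (TARGET_PATH, "entryNameIn=Front+Desk&entryDisplayNameIn=Desk"),
    (TARGET_PATH, "entryNameIn=%22%3E%3Ch1%3Eismailtasdelen&entryDisplayNameIn=Desk"),
    (TARGET_PATH, "entryNameIn=Desk&entryDisplayNameIn=%2522%253E%253Ch1%253Ex"),
    ("/constructed/other.cgi", "entryNameIn=%3Cb%3E"),
]

if __name__ == "__main__":
    for path, body in SAMPLE_REQUESTS:
        hits = flag_request(path, body)
        print("BLOCK" if hits else "allow", path, hits)
```

A proxy would reject or log any request for which `flag_request` returns a non-empty result; legitimate address book names containing `<`, `>` or `"` would also be flagged.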