Specific Ricoh MFP and Printer Products - Multiple vulnerabilities (CVE-2017-9765, CVE-2024-2169, CVE-2024-51977, CVE-2024-51979, CVE-2024-51980, CVE-2024-51981, CVE-2024-51982, CVE-2024-51983, CVE-2024-51984)

First published: 09:00 am on June 25, 2025 (2025-06-25T16:00:00+09:00)

Ricoh Company, Ltd.

Ricoh has identified multiple security vulnerabilities affecting device firmware and BRAdmin Light (Windows software). These vulnerabilities are listed below along with their corresponding CVE identifiers:

• Vulnerability Information ID: ricoh-2025-000007

• Version: 1.00E

• CVE ID(CWE ID): CVE-2017-9765 ( CWE-190 ) CVE-2024-2169 (N/A) CVE-2024-51977 ( CWE-538 ) CVE-2024-51979 ( CWE-121 ) CVE-2024-51980 ( CWE-918 ) CVE-2024-51981 ( CWE-918CWE-93 ) CVE-2024-51982 ( CWE-1286 ) CVE-2024-51983 ( CWE-1286 ) CVE-2024-51984 ( CWE-522 )

• CVSSv3 base score: 8.1HIGH

CVE-2017-9765: Stack buffer overflow that may allow malicious code execution or application crash

https://www.cve.org/CVERecord?id=CVE-2017-9765 

CVE-2024-2169: Infinite message loop between servers that may lead to denial of service

https://www.cve.org/CVERecord?id=CVE-2024-2169

CVE-2024-51977: Risk of unauthorised access to data 

https://www.cve.org/CVERecord?id=CVE-2024-51977 

CVE-2024-51979: Risk of stack overflow that may lead to system instability and malicious code execution

https://www.cve.org/CVERecord?id=CVE-2024-51979 

CVE-2024-51980: Forced TCP connections that may lead to unauthorised remote access

https://www.cve.org/CVERecord?id=CVE-2024-51980

CVE-2024-51981: Risk of unauthorised HTTP requests being forwarded to other hosts within the local area network 

https://www.cve.org/CVERecord?id=CVE-2024-51981 

CVE-2024-51982: Device crash triggered by external input that may lead to denial of service and system instability

https://www.cve.org/CVERecord?id=CVE-2024-51982 

CVE-2024-51983: Risk of device crash from external input that may lead to denial of service and system instability

https://www.cve.org/CVERecord?id=CVE-2024-51983 

CVE-2024-51984: Risk of printer data exposure via pass-back attacks

https://www.cve.org/CVERecord?id=CVE-2024-51984 

List 1 below shows the affected products and services.

List1: Ricoh products and services affected by this vulnerability

Product/service	Link to details
SP 230DNw	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000166-2025-000007 empty
P 201W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000167-2025-000007 empty
M 340W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000168-2025-000007 empty
SP 230SFNw	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000169-2025-000007 empty
M 340FW	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000170-2025-000007 empty

empty

emptyemptyemptyemptyemptyemptyempty

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2025-06-25T16:00:00+09:00 : 1.00E Initial public release