Details of VAR-202202-1057

ID

VAR-202202-1057

CVE

CVE-2021-33945

TITLE

plural RICOH Printer SP series product out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-018538

DESCRIPTION

RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. plural RICOH Printer SP series products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-33945 // JVNDB: JVNDB-2021-018538

AFFECTED PRODUCTS

vendor:	ricoh	model:	sp 330sn	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 320sfn	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 325sfnw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 212w	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 377snwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c252sf	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221snw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 377dnwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 310dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 220snw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp c260sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c250dn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 330sfn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c261sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 277snwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 212sfw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 312sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m 320f	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 330sn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	p 310	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 325dnw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	aficio sp 3500sf	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp c260dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c262dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 277sfnwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 311dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221snw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 325sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	p 311	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 220snw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221sf	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 212nw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 213suw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 277nwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 312dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 310sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 325snw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	m c2000	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c250sf	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m 2701	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c252dn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 212snw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 220sfnw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 325dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m 2700	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 213w	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m 320fb	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m c250fwb	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 213sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 212suw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m c250fw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c262sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 330dn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 377sfnwx	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	p c300w	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp c261dnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 325snw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 311sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 3710sf	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 3710dn	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 220sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221sfnw	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 220nw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	p c301w	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 213snw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221s	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 212sfnw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 213sfw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 221nw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	m 320	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 320sn	scope:	eq	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 213nw	scope:	eq	version:	-	Trust: 1.0
vendor:	ricoh	model:	sp 320dn	scope:	eq	version:	1.06	Trust: 1.0
vendor:	リコー	model:	sp 221s	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 330sn	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 325dnw	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 220snw	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 320sn	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 320dn	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	aficio sp 3500sf	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 325snw	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 325sfnw	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	sp 320sfn	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-018538 // NVD: CVE-2021-33945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33945
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-33945
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202202-1296
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-33945
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-33945
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33945
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-018538 // CNNVD: CNNVD-202202-1296 // NVD: CVE-2021-33945

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-018538 // NVD: CVE-2021-33945

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1296

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-1296

PATCH

title:	Update	url:	https://www.ricoh.com/info/2022/0228_1	Trust: 0.8
title:	wpa_supplicant Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184142	Trust: 0.6

sources: JVNDB: JVNDB-2021-018538 // CNNVD: CNNVD-202202-1296

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33945	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-018538	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-1296	Trust: 0.6

sources: JVNDB: JVNDB-2021-018538 // CNNVD: CNNVD-202202-1296 // NVD: CVE-2021-33945

REFERENCES

url:	https://github.com/ainevsia/cve-request/tree/main/ricoh/1	Trust: 2.4
url:	https://www.ricoh.com/info/2022/0228_1/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33945	Trust: 0.8

sources: JVNDB: JVNDB-2021-018538 // CNNVD: CNNVD-202202-1296 // NVD: CVE-2021-33945

SOURCES

db:	JVNDB	id:	JVNDB-2021-018538
db:	CNNVD	id:	CNNVD-202202-1296
db:	NVD	id:	CVE-2021-33945

LAST UPDATE DATE

2024-08-14T14:11:00.215000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-018538	date:	2023-06-21T03:28:00
db:	CNNVD	id:	CNNVD-202202-1296	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-33945	date:	2022-05-11T14:24:49.947

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-018538	date:	2023-06-21T00:00:00
db:	CNNVD	id:	CNNVD-202202-1296	date:	2022-02-15T00:00:00
db:	NVD	id:	CVE-2021-33945	date:	2022-02-15T20:15:07.407