Ricoh software security vulnerability
I ran across this at work and just thought I would pass it along in case anyone is using Ricoh software with FTP server.
Ricoh DC Software DL-10 188.8.131.52, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
It looks like they only tested the exploit on 184.108.40.206 but other versions may be affected. You have to name an FTP log file with sr10.exe to be affected.
To make sure you cannot be affected, start SR10.exe and make sure the log file name is blank (which it should be by default).