Notice on NAME:WRECK TCP/IP Stack Potential Vulnerabilities
Ricoh Company, Ltd.
Ricoh is aware of the security vulnerabilities known as the “NAME:WRECK” disclosed by the JSOF and ForeScout Research Labs on April 14, 2021. These vulnerabilities could potentially allow a remote hacker to trigger an information leak if a specific TCP/IP stack version is used.
- https://www.jsof-tech.com/namewreck-dns-vulnerabilities-disclosed-by-jsof-and-forescout/
- https://www.forescout.com/company/blog/forescout-and-jsof-disclose-new-dns-vulnerabilities-impacting-millions-of-enterprise-and-consumer-devices/
The only affected A4-sized multi-function printers confirmed are as following:
ModelName | CVE |
SG 3100SNw | CVE-2016-20009 |
THE POTENTIAL VULNERABILITY SUMMARY
The affected printer has potential vulnerabilities which may cause a device stall, memory destruction, network failure, information leak, and being targets of springboard attack.
This vulnerability will not affect devices connected to the customer’s network if the network is properly configured against external attacks. Ricoh recommends always using best practices for network protection, including:
- When the device is connected to a network, ensure that the network is protected, for example, by a firewall.
- Install the device in a secure network where users restrictions are in place.
RESOLUTION
Ricoh will release updated firmware on its driver site as it is available. As information is updated, it will be published here.
WORKAROUND
Until updated firmware is available, please implement the workarounds described here.
For further details on best practices for securely setting up your printer or MFP, please visit here.
News & Events
Keep up to date
- 09Dec
Free RICOH Webinar Series : "Beyond the Limits: Cloud-Powered Security, Networks, and Data Analytics"
- 06Dec
RICOH Thailand has received the Operator Recognition Award for over 20 years of continuous Thai green label certified, along with the annual Green Label Certification Award from the Thai Environmental Institute (TEI)
- 04Dec
Ricoh selected amongst the Financial Times “Best Employers Asia- Pacific 2025”
- 14Nov
Ricoh IM C320F Wins a 2025 Pick Award from Keypoint Intelligence