# Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection # Date: 2019-05-06 # Exploit Author: Ismail Tasdelen # Vendor Homepage: https://www.ricoh.com/ # Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html # Software: RICOH Web Image Monitor # Product Version: v1.09 # Vulernability Type: Code Injection # Vulenrability: HTML Injection # CVE: N/A # Descripton : # It has been discovered that in the v1.09 version of Image Monitor from # RICOH, HTML Injection can be run on the /web/entry/en/address/adrsSetUserWizard.cgi # function. This vulnerability affected all hardware that uses the entire # Image Monitor v1.09. # Attack Vectors : You can run HTML Injection on the entryNameIn and entryDisplayNameIn in the corresponding function. HTML Injection Payload : ">

ismailtasdelen