RICOH Streamline NX V3 PC Client Arbitrary File Overwrite Vulnerability

An external control of file name or path vulnerability has been identified in RICOH Streamline NX V3 PC Client, affecting versions 3.5.0 prior to 3.242.0. This vulnerability allows an attacker to send a specially crafted request that overwrites arbitrary files in the file system with log data. The issue arises because the application permits the manipulation of file paths through its export functionality, which can be exploited to overwrite files without user permission.

Impact

Exploitation of this vulnerability allows for arbitrary file overwriting, where targeted files in the file system are replaced with log data from the application.

Reproduction

To reproduce this vulnerability, send a POST request to the application's log export endpoint, including a file path parameter that specifies the target file to be overwritten. The application will replace the contents of the specified file with log data, effectively allowing for unauthorized modification of files on the system.

Remediation

Users are advised to update to the latest version of RICOH Streamline NX PC Client. For more information, contact a local Ricoh representative or dealer.