CVE-2023-38433

Summary

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

Affected Software

VendorProductVersion RangeStatus
Fujitsu LimitedIP-HE950Efirmware versions V01L001 to V01L053affected
Fujitsu LimitedIP-HE950Dfirmware versions V01L001 to V01L053affected
Fujitsu LimitedIP-HE900Efirmware versions V01L001 to V01L010affected
Fujitsu LimitedIP-HE900Dfirmware versions V01L001 to V01L004affected
Fujitsu LimitedIP-900E / IP-920Efirmware versions V01L001 to V02L061affected
Fujitsu LimitedIP-900D / IP-900ⅡD / IP-920Dfirmware versions V01L001 to V02L061affected
Fujitsu LimitedIP-90firmware versions V01L001 to V01L013affected
Fujitsu LimitedIP-9610firmware versions V01L001 to V02L007affected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References