CVE-2023-38433

Published: Jul 26, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

Affected (11)

Products: Fujitsu: Ip He950e Firmware, Ip He950d Firmware, Ip He900e Firmware, Ip He900d Firmware, Ip 900e Firmware, Ip 920e Firmware, Ip 900d Firmware, Ip 900iid Firmware, Ip 920d Firmware, Ip 90 Firmware, Ip 9610 Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip He950e Firmware	From v01l001 to v01l053

Running on/with	Platform Versions
Fujitsu Ip He950e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip He950d Firmware	From v01l001 to v01l053

Running on/with	Platform Versions
Fujitsu Ip He950d	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip He900e Firmware	From v01l001 to v01l010

Running on/with	Platform Versions
Fujitsu Ip He900e	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip He900d Firmware	From v01l001 to v01l004

Running on/with	Platform Versions
Fujitsu Ip He900d	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 900e Firmware	From v01l001 to v02l061

Running on/with	Platform Versions
Fujitsu Ip 900e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 920e Firmware	From v01l001 to v02l061

Running on/with	Platform Versions
Fujitsu Ip 920e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 900d Firmware	From v01l001 to v02l061

Running on/with	Platform Versions
Fujitsu Ip 900d	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 900iid Firmware	From v01l001 to v02l061

Running on/with	Platform Versions
Fujitsu Ip 900iid	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 920d Firmware	From v01l001 to v02l061

Running on/with	Platform Versions
Fujitsu Ip 920d	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 90 Firmware	From v01l001 to v01l013

Running on/with	Platform Versions
Fujitsu Ip 90	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ip 9610 Firmware	From v01l001 to v02l007

Running on/with	Platform Versions
Fujitsu Ip 9610	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://jvn.jp/en/jp/JVN95727578/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.fujitsu.com/global/products/computing/peripheral/video/download/

Source: vultures@jpcert.or.jp

Product

https://jvn.jp/en/jp/JVN95727578/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.fujitsu.com/global/products/computing/peripheral/video/download/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.