CVE-2023-38433

Description

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

References

Link	Tags
https://www.fujitsu.com/global/products/computing/peripheral/video/download/	product
https://jvn.jp/en/jp/JVN95727578/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-38433?: CVE-2023-38433 has been scored as a high severity vulnerability.
How to fix CVE-2023-38433?: To fix CVE-2023-38433, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-38433 being actively exploited in the wild?: It is possible that CVE-2023-38433 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~59% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-38433?: CVE-2023-38433 affects Fujitsu Limited IP-HE950E, Fujitsu Limited IP-HE950D, Fujitsu Limited IP-HE900E, Fujitsu Limited IP-HE900D, Fujitsu Limited IP-900E / IP-920E, Fujitsu Limited IP-900D / IP-900ⅡD / IP-920D, Fujitsu Limited IP-90, Fujitsu Limited IP-9610.

Description

Category

CWE-798 – Use of Hard-coded Credentials

References

Frequently Asked Questions