CVE-2023-38433

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fujitsuip-he950e
V01L001 ≤
𝑥
≤ V01L053
ADP
fujitsuip-he950d_firmware
v01l001 ≤
𝑥
≤ V01L053
ADP
fujitsuip-he900e_firmware
v01l001 ≤
𝑥
≤ V01L010
ADP
fujitsuip-he900d_firmware
v01l001 ≤
𝑥
≤ V01L004
ADP
fujitsuip-900e_firmware
v01l001 ≤
𝑥
≤ V02L061
ADP
fujitsuip-920e_firmware
v01l001 ≤
𝑥
≤ V02L061
ADP
fujitsuip-900d_firmware
v01l001 ≤
𝑥
≤ V02L061
ADP
fujitsuip-900iid_firmware
v01l001 ≤
𝑥
≤ V02L061
ADP
fujitsuip-920d_firmware
v01l001 ≤
𝑥
≤ V02L061
ADP
fujitsuip-90
V01L001 ≤
𝑥
≤ V01L013
ADP
fujitsuip-9610_firmware
v01l001 ≤
𝑥
≤ V02L007
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN95727578/
https://www.fujitsu.com/global/products/computing/peripheral/video/download/
https://jvn.jp/en/jp/JVN95727578/
https://www.fujitsu.com/global/products/computing/peripheral/video/download/