CVE-2023-38433

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38433
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN95727578/ Third Party Advisory
https://www.fujitsu.com/global/products/computing/peripheral/video/download/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fujitsu:ip-he950d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950d:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fujitsu:ip-he900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:fujitsu:ip-he900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:fujitsu:ip-900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:fujitsu:ip-920e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:ip-900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900d:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:ip-900iid_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900iid:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:ip-920d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:fujitsu:ip-90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-90:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:fujitsu:ip-9610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-9610:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-07-26 08:15

Updated : 2023-11-07 04:17

NVD link : CVE-2023-38433

Mitre link : CVE-2023-38433

CVE.ORG link : CVE-2023-38433

JSON object : View

Products Affected

fujitsu

  • ip-he950e_firmware
  • ip-920e_firmware
  • ip-he950d
  • ip-900d_firmware
  • ip-90
  • ip-920d_firmware
  • ip-920e
  • ip-9610_firmware
  • ip-90_firmware
  • ip-he900e_firmware
  • ip-900e_firmware
  • ip-900d
  • ip-he900d
  • ip-900e
  • ip-he950e
  • ip-he950d_firmware
  • ip-he900d_firmware
  • ip-he900e
  • ip-900iid
  • ip-920d
  • ip-900iid_firmware
  • ip-9610
CWE
CWE-798

Use of Hard-coded Credentials