CVE-2023-38433
CVE-2023-38433
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 3.0%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
26 Jul 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
Affected products
Fujitsu Limited · IP-90Fujitsu Limited · IP-900D / IP-900ⅡD / IP-920DFujitsu Limited · IP-900E / IP-920EFujitsu Limited · IP-9610Fujitsu Limited · IP-HE900DFujitsu Limited · IP-HE900EFujitsu Limited · IP-HE950DFujitsu Limited · IP-HE950EWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →