Remote Code Execution Risk in Fujitsu Real-Time Video Transmission Gear
CVE-2023-38433

7.5HIGH

Key Information:

Vendor: Fujitsu Limited
Status: IP-HE950E; IP-HE950D; IP-HE900E; IP-HE900D
Vendor: CVE Published:; 26 July 2023

🔔 Create Fujitsu Limited Vulnerability Alert

What is CVE-2023-38433?

Fujitsu's Real-time Video Transmission Gear, specifically the IP series, is susceptible to a vulnerability where hard-coded credentials are employed. This security flaw may enable a remote unauthorized attacker to initialize or reboot affected devices, disrupting video transmission services. Firmware versions V01L001 to V01L053 for models IP-HE950E and IP-HE950D, alongside several others across the IP-HE900 and IP-900 series, are affected. For further information and updates, users are advised to consult Fujitsu's official support channels.

Affected Version(s)

IP-90 firmware versions V01L001 to V01L013

IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061

IP-900E / IP-920E firmware versions V01L001 to V02L061

References

https://www.fujitsu.com/global/products/computing/periphe...

https://jvn.jp/en/jp/JVN95727578/

EPSS Score

53% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jul 18, 2023

JSON