Ip He950E Firmware
CVE-2023-38433
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
AnalysisAI
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007. Affected products include: Fujitsu Ip-He950E Firmware, Fujitsu Ip-He950D Firmware, Fujitsu Ip-He900E Firmware, Fujitsu Ip-He900D Firmware, Fujitsu Ip-900E Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today