CVE-2023-38433

Name of the Vulnerable Software and Affected Versions Fujitsu Real-time Video Transmission Gear "IP series" versions V01L001 to V02L061 Fujitsu IP-HE950E firmware versions V01L001 to V01L053 Fujitsu IP-HE950D firmware versions V01L001 to V01L053 Fujitsu IP-HE900E firmware versions V01L001 to V01L010 Fujitsu IP-HE900D firmware versions V01L001 to V01L004 Fujitsu IP-900E / IP-920E firmware versions V01L001 to V02L061 Fujitsu IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061 Fujitsu IP-90 firmware versions V01L001 to V01L013 Fujitsu IP-9610 firmware versions V01L001 to V02L007

Description The issue is related to the use of hard-coded credentials in the microprogram software of Fujitsu's IP series devices for real-time video viewing. This may allow a remote unauthenticated attacker to initialize or reboot the products and terminate video transmission.

Recommendations For Fujitsu IP-HE950E firmware versions V01L001 to V01L053, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-HE950D firmware versions V01L001 to V01L053, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-HE900E firmware versions V01L001 to V01L010, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-HE900D firmware versions V01L001 to V01L004, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-900E / IP-920E firmware versions V01L001 to V02L061, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-90 firmware versions V01L001 to V01L013, update the firmware to a version that does not use hard-coded credentials. For Fujitsu IP-9610 firmware versions V01L001 to V02L007, update the firmware to a version that does not use hard-coded credentials.