CVE-2023-38433

High PUBLISHED

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize...

Fujitsu Limited · IP-HE950E, IP-HE950D, IP-HE900E, IP-HE900D, IP-900E / IP-920E, IP-900D / IP-900ⅡD / IP-920D, IP-90, IP-9610

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
7.5 High

At a Glance

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

nuclei_scanner
CVE Published
Jul 26, 2023
Exploitation Reported
Jul 26, 2023
CVSS
7.5 High
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
fujitsu
ip-he950e

V01L001 to <= V01L053

Affected
fujitsu
ip-he950d_firmware

v01l001 to <= V01L053

Affected
fujitsu
ip-he900e_firmware

v01l001 to <= V01L010

Affected
fujitsu
ip-he900d_firmware

v01l001 to <= V01L004

Affected
fujitsu
ip-900e_firmware

v01l001 to <= V02L061

Affected
fujitsu
ip-920e_firmware

v01l001 to <= V02L061

Affected
fujitsu
ip-900d_firmware

v01l001 to <= V02L061

Affected
fujitsu
ip-900iid_firmware

v01l001 to <= V02L061

Affected
fujitsu
ip-920d_firmware

v01l001 to <= V02L061

Affected
fujitsu
ip-90

V01L001 to <= V01L013

Affected
fujitsu
ip-9610_firmware

v01l001 to <= V02L007

Affected
Fujitsu Limited
IP-HE950E

firmware versions V01L001 to V01L053

Affected
Fujitsu Limited
IP-HE950D

firmware versions V01L001 to V01L053

Affected
Fujitsu Limited
IP-HE900E

firmware versions V01L001 to V01L010

Affected
Fujitsu Limited
IP-HE900D

firmware versions V01L001 to V01L004

Affected
Fujitsu Limited
IP-900E / IP-920E

firmware versions V01L001 to V02L061

Affected
Fujitsu Limited
IP-900D / IP-900ⅡD / IP-920D

firmware versions V01L001 to V02L061

Affected
Fujitsu Limited
IP-90

firmware versions V01L001 to V01L013

Affected
Fujitsu Limited
IP-9610

firmware versions V01L001 to V02L007

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.