[Japanese]
|
JVNDB-2023-000074
|
Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials
|
Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials (CWE-798) .
The product's credentials for factory testing may be obtained by reverse engineering and others.
Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fujitsu Limited coordinated under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.9 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
FUJITSU
- IP-90 firmware firmware versions V01L001 to V01L013
- IP-900D firmware firmware versions V01L001 to V02L061
- IP-900E firmware firmware versions V01L001 to V02L061
- IP-900 2 D firmware firmware versions V01L001 to V02L061
- IP-920D firmware firmware versions V01L001 to V02L061
- IP-920E firmware firmware versions V01L001 to V02L061
- IP-9610 firmware firmware versions V01L001 to V02L007
- IP-HE900D firmware firmware versions V01L001 to V01L004
- IP-HE900E firmware firmware versions V01L001 to V01L010
- IP-HE950D firmware firmware versions V01L001 to V01L053
- IP-HE950E firmware firmware versions V01L001 to V01L053
|
|
An attacker who log in to the web interface using the obtained credentials may initialize or reboot the products, and as a result, terminate the video transmission.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
[Apply a workaround]
Applying a following workaround may mitigate the impacts of this vulnerability.
* Place the products on a secure network
|
FUJITSU
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2023-38433
|
- JVN : JVN#95727578
- National Vulnerability Database (NVD) : CVE-2023-38433
- ICS-CERT ADVISORY : ICSA-23-248-01
|
- [2023/07/26]
Web page was published
- [2023/09/06]
References : Content was added
- [2024/04/12]
References : Content was added
|