CVE-2023-38433

HIGH EXPLOITED NUCLEI

Fujitsu Real-time Video Transmission Gear - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-38433 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

Nuclei Templates (1)

Fujitsu IP Series - Hardcoded Credentials
HIGHVERIFIEDby AdnaneKhan
Shodan: "Server: thttpd/2.25b 29dec2003" content-length:1133 || "server: thttpd/2.25b 29dec2003" content-length:1133

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0299
EPSS Percentile 85.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-08-17
CWE
CWE-798
Status published
Products (11)
fujitsu/ip-900d_firmware v01l001 - v02l061
fujitsu/ip-900e_firmware v01l001 - v02l061
fujitsu/ip-900iid_firmware v01l001 - v02l061
fujitsu/ip-90_firmware v01l001 - v01l013
fujitsu/ip-920d_firmware v01l001 - v02l061
fujitsu/ip-920e_firmware v01l001 - v02l061
fujitsu/ip-9610_firmware v01l001 - v02l007
fujitsu/ip-he900d_firmware v01l001 - v01l004
fujitsu/ip-he900e_firmware v01l001 - v01l010
fujitsu/ip-he950d_firmware v01l001 - v01l053
... and 1 more
Published Jul 26, 2023
Tracked Since Feb 18, 2026