CVE-2023-38433

HIGH EXPLOITED NUCLEI

Fujitsu Real-time Video Transmission Gear - RCE

Title source: llm

Description

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

Nuclei Templates (1)

Fujitsu IP Series - Hardcoded Credentials

HIGHVERIFIEDby AdnaneKhan

Shodan: "Server: thttpd/2.25b 29dec2003" content-length:1133 || "server: thttpd/2.25b 29dec2003" content-length:1133

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN95727578/

[Product] https://www.fujitsu.com/global/products/computing/peripheral/video/download/

Scores

CVSS v3 7.5

EPSS 0.5320

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

VulnCheck KEV 2025-08-17

CWE

CWE-798

Status published

Products (11)

fujitsu/ip-900d_firmware v01l001 - v02l061

fujitsu/ip-900e_firmware v01l001 - v02l061

fujitsu/ip-900iid_firmware v01l001 - v02l061

fujitsu/ip-90_firmware v01l001 - v01l013

fujitsu/ip-920d_firmware v01l001 - v02l061

fujitsu/ip-920e_firmware v01l001 - v02l061

fujitsu/ip-9610_firmware v01l001 - v02l007

fujitsu/ip-he900d_firmware v01l001 - v01l004

fujitsu/ip-he900e_firmware v01l001 - v01l010

fujitsu/ip-he950d_firmware v01l001 - v01l053

... and 1 more

Published Jul 26, 2023

Tracked Since Feb 18, 2026