CVE-2023-38555

HIGH

Fujitsu network devices - Auth Bypass

Title source: llm

Description

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/vu/JVNVU96643580/

Vendor Advisory

https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/

Scores

CVSS v3 8.8

EPSS 0.0033

EPSS Percentile 24.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (16)

fujitsu/si-r220d_firmware

fujitsu/si-r370b_firmware

fujitsu/si-r570b_firmware

fujitsu/si-r_130b_firmware

fujitsu/si-r_30b_firmware

fujitsu/si-r_90brin_firmware

fujitsu/si-r_g100_firmware < 02.54

fujitsu/si-r_g100b_firmware < 04.12

fujitsu/si-r_g110b_firmware < 04.12

fujitsu/si-r_g120_firmware < 20.52

... and 6 more

Published Jul 26, 2023

Tracked Since Feb 18, 2026