Japan Vulnerability NotesJVN:95727578JVN#95727578: Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.9%
Real-time Video Transmission Gear âIP seriesâ provided by Fujitsu Limited uses a hard-coded credentials (CWE-798) .
The productâs credentials for factory testing may be obtained by reverse engineering and others.
Impact
An attacker who log in to the web interface using the obtained credentials may initialize or reboot the products, and as a result, terminate the video transmission.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply a workaround
Applying a following workaround may mitigate the impacts of this vulnerability.
- Place the products on a secure network
Products Affected
- IP-HE950E firmware versions V01L001 to V01L053
- IP-HE950D firmware versions V01L001 to V01L053
- IP-HE900E firmware versions V01L001 to V01L010
- IP-HE900D firmware versions V01L001 to V01L004
- IP-900E / IP-920E firmware versions V01L001 to V02L061
- IP-900D / IP-900â ĄD / IP-920D firmware versions V01L001 to V02L061
- IP-90 firmware versions V01L001 to V01L013
- IP-9610 firmware versions V01L001 to V02L007
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.9%