.. / CVE-2023-38433

Exploit for Fujitsu IP Series - Hardcoded Credentials (CVE-2023-38433)

Description:

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.

Nuclei Template

View the template here CVE-2023-38433.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-38433.yaml
Copy

References:

https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials
https://nvd.nist.gov/vuln/detail/CVE-2023-38433
https://www.cisa.gov/news-events/ics-advisories/icsa-23-248-01
https://jvn.jp/en/jp/JVN95727578
https://www.fujitsu.com/global/products/computing/peripheral/video/download