SB2023072616 - Information disclosure in Fujitsu IP series Web UI

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of hard-coded credentials (CVE-ID: CVE-2023-38433)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to presence of hard-coded credentials in Real-time Video Transmission Gear "IP series". A remote unauthenticated attacker can obtain credentials for factory testing

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/jp/JVN95727578/index.html
• https://www.fujitsu.com/global/documents/products/computing/peripheral/video/download/Web_UI_vulnerability.pdf