Published:2023/07/26  Last Updated:2023/08/02

Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass


Multiple network devices Si-R series and SR-M series provided by Fujitsu Limited contain an authentication bypass vulnerability.

Products Affected

  • Si-R series
    • Si-R 30B all versions
    • Si-R 130B all versions
    • Si-R 90brin all versions
  • Si-R V35 series
    • Si-R570B all versions
    • Si-R370B all versions
    • Si-R220D all versions
  • Si-RG V2 series
    • Si-R G100 V02.54 and earlier
    • Si-R G200 V02.54 and earlier
  • Si-RG V4 series
    • Si-R G100B V04.12 and earlier
    • Si-R G110B V04.12 and earlier
    • Si-R G200B V04.12 and earlier
  • Si-RG V20 series
    • Si-R G210 V20.52 and earlier
    • Si-R G211 V20.52 and earlier
    • Si-R G120 V20.52 and earlier
    • Si-R G121 V20.52 and earlier
  • SR-M series
    • SR-M 50AP1 all versions


The web management interface of Fujitsu network devices Si-R series and SR-M series contains an authentication bypass vulnerability (CWE-287CVE-2023-38555).


An attacker who can access the product may obtain the product's configuration information or change/reset the configuration settings.


Update the firmware
Update firmware to the latest version according to the information provided by the developer.
The vulnerability has been addressed in the following firmware versions.

  • Si-RG V2 series
    • Si-R G100 V02.55 or later
    • Si-R G200 V02.55 or later
  • Si-RG V4 series
    • Si-R G100B V04.13 or later
    • Si-R G110B V04.13 or later
    • Si-R G200B V04.13 or later
  • Si-RG V20 series
    • Si-R G210 V20.53 or later
    • Si-R G211 V20.53 or later
    • Si-R G120 V20.53 or later
    • Si-R G121 V20.53 or later

Apply the workarounds
Applying the following workarounds may mitigate the impacts of this vulnerability.
  • Change the product's settings to disable HTTP/HTTPS functions
  • Do not use the web management interface of the affected products
To apply the workaround for Si-R 30B or Si-R 130B, the firmware must be updated to the following versions.
  • Si-R 30B V02.05
  • Si-R 130B V04.09
For the details, refer to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Fujitsu Limited Vulnerable 2023/07/26 Fujitsu Limited website


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 6.4
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 5.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2023-38555
JVN iPedia

Update History

Information under the section [Solution] was updated