Vulnerabilites related to chiyu-tech - bf-430
cve-2021-31251
Vulnerability from cvelistv5
Published
2021-06-04 20:25
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T20:25:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "CONFIRM",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251"
},
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31251",
"datePublished": "2021-06-04T20:25:52",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31641
Vulnerability from cvelistv5
Published
2021-06-01 14:11
Modified
2024-08-03 23:03
Severity ?
EPSS score ?
Summary
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T16:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "MISC",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31641",
"datePublished": "2021-06-01T14:11:39",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31250
Vulnerability from cvelistv5
Published
2021-06-04 20:28
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T20:28:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm",
"refsource": "MISC",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31250",
"datePublished": "2021-06-04T20:28:06",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31252
Vulnerability from cvelistv5
Published
2021-06-04 20:21
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T20:22:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "CONFIRM",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31252",
"datePublished": "2021-06-04T20:21:47",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31249
Vulnerability from cvelistv5
Published
2021-06-04 20:29
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T20:29:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "MISC",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31249",
"datePublished": "2021-06-04T20:29:58",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:52.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-06-04 21:15
Modified
2024-11-21 06:05
Severity ?
Summary
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C36F7-25D5-4A51-B312-C924362A8A29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E3D910-0317-4B0B-BB33-15B86AB3E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C137757C-105F-400D-93F3-4620975011B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF3F3D-7752-492B-87E9-949AFA19F85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5039F6C-F563-4944-A977-0D79BC6E2B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD504C8D-7E80-48EF-B3F6-93FC6AEE031E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E605EBAB-D5F9-43A8-8096-DA62A4295A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B14981-FCEA-45FC-896F-7677BEB7A8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59C613EE-4884-4CD6-B4BA-AF41FD26DB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10BBB47A-E6EF-4EE5-A74C-F7766004880B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7123F403-1044-4ECC-A6F8-AB8E0173432B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A0946C-6A4F-4A9E-9D7C-702A74236C89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4E3539-D33A-48E1-8B09-4D010BEAC9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF097E2D-8F46-4EE0-9C0E-449EDC5FE373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231A210D-7A72-4E54-BF7D-2594F2735D68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D35D62-9633-410F-9D2D-FD61CD5A820B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B982FDE3-0F08-46F8-8A50-BB5650AA5076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "965D6B8E-A7E7-40B3-A4C3-4942E61491A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD54F1-95A0-4014-8466-E29B5F819B7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BA7B09-A81C-4B8C-A50C-9F58B53903A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-631w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC21975-BA3F-4200-B7BF-04987C7ED69E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-631w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332535E9-97E4-485B-BE42-3BFE874F45C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-830w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1A71AC-F29F-4024-8E04-1AC2B4F60FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-830w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B095553C-ACAC-410B-8130-4A8EF60B8FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D66FE82-1351-4532-811F-ED7C98B0FFA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE455A8-8F52-4F08-9ED6-D4A081CFC185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de redireccionamiento abierto en los dispositivos BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass y SEMAC de CHIYU Technology que puede ser explotada mediante el env\u00edo de un enlace con una URL especialmente dise\u00f1ada para convencer al usuario de que haga clic en ella"
}
],
"id": "CVE-2021-31252",
"lastModified": "2024-11-21T06:05:22.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T21:15:07.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-01 15:15
Modified
2024-11-21 06:06
Severity ?
Summary
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C36F7-25D5-4A51-B312-C924362A8A29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E3D910-0317-4B0B-BB33-15B86AB3E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C137757C-105F-400D-93F3-4620975011B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF3F3D-7752-492B-87E9-949AFA19F85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5039F6C-F563-4944-A977-0D79BC6E2B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD504C8D-7E80-48EF-B3F6-93FC6AEE031E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E605EBAB-D5F9-43A8-8096-DA62A4295A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B14981-FCEA-45FC-896F-7677BEB7A8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59C613EE-4884-4CD6-B4BA-AF41FD26DB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10BBB47A-E6EF-4EE5-A74C-F7766004880B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7123F403-1044-4ECC-A6F8-AB8E0173432B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A0946C-6A4F-4A9E-9D7C-702A74236C89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4E3539-D33A-48E1-8B09-4D010BEAC9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF097E2D-8F46-4EE0-9C0E-449EDC5FE373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231A210D-7A72-4E54-BF7D-2594F2735D68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D35D62-9633-410F-9D2D-FD61CD5A820B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B982FDE3-0F08-46F8-8A50-BB5650AA5076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "965D6B8E-A7E7-40B3-A4C3-4942E61491A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD54F1-95A0-4014-8466-E29B5F819B7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BA7B09-A81C-4B8C-A50C-9F58B53903A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-631w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC21975-BA3F-4200-B7BF-04987C7ED69E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-631w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332535E9-97E4-485B-BE42-3BFE874F45C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-830w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1A71AC-F29F-4024-8E04-1AC2B4F60FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-830w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B095553C-ACAC-410B-8130-4A8EF60B8FFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D66FE82-1351-4532-811F-ED7C98B0FFA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE455A8-8F52-4F08-9ED6-D4A081CFC185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bfminiw_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8895F0CE-84D5-4732-B7E0-F6F326B48D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bfminiw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01E77E68-34E7-4B58-BA98-CD070486865A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo XSS no autenticada en varios dispositivos IoT de CHIYU Technology, incluyendo BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, y SEMAC debido a una falta de sanitizaci\u00f3n cuando es generado el mensaje HTTP 404"
}
],
"id": "CVE-2021-31641",
"lastModified": "2024-11-21T06:06:03.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T15:15:07.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLY_lXmSlPY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 21:15
Modified
2024-11-21 06:05
Severity ?
Summary
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chiyu-tech | bf-430_firmware | - | |
| chiyu-tech | bf-430 | - | |
| chiyu-tech | bf-431_firmware | - | |
| chiyu-tech | bf-431 | - | |
| chiyu-tech | bf-450m_firmware | - | |
| chiyu-tech | bf-450m | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C36F7-25D5-4A51-B312-C924362A8A29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E3D910-0317-4B0B-BB33-15B86AB3E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C137757C-105F-400D-93F3-4620975011B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF3F3D-7752-492B-87E9-949AFA19F85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5039F6C-F563-4944-A977-0D79BC6E2B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD504C8D-7E80-48EF-B3F6-93FC6AEE031E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n de tipo CRLF en los dispositivos convertidores TCP/IP BF-430, BF-431 y BF-450M de CHIYU Technology Inc debido a una falta de comprobaci\u00f3n en el par\u00e1metro redirect= disponible en m\u00faltiples componentes CGI"
}
],
"id": "CVE-2021-31249",
"lastModified": "2024-11-21T06:05:21.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T21:15:07.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 21:15
Modified
2024-11-21 06:05
Severity ?
Summary
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chiyu-tech | bf-430_firmware | - | |
| chiyu-tech | bf-430 | - | |
| chiyu-tech | bf-431_firmware | - | |
| chiyu-tech | bf-431 | - | |
| chiyu-tech | bf-450m_firmware | - | |
| chiyu-tech | bf-450m | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C36F7-25D5-4A51-B312-C924362A8A29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E3D910-0317-4B0B-BB33-15B86AB3E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C137757C-105F-400D-93F3-4620975011B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF3F3D-7752-492B-87E9-949AFA19F85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5039F6C-F563-4944-A977-0D79BC6E2B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD504C8D-7E80-48EF-B3F6-93FC6AEE031E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi."
},
{
"lang": "es",
"value": "Se detectaron m\u00faltiples vulnerabilidades de tipo XSS de almacenamiento en los dispositivos convertidores TCP/IP BF-430, BF-431 y BF-450M de CHIYU Technology Inc, debido a una falta de saneamiento de la entrada en los componentes man.cgi, if.cgi, dhcpc.cgi, ppp.cgi"
}
],
"id": "CVE-2021-31250",
"lastModified": "2024-11-21T06:05:21.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T21:15:07.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 21:15
Modified
2024-11-21 06:05
Severity ?
Summary
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C36F7-25D5-4A51-B312-C924362A8A29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E3D910-0317-4B0B-BB33-15B86AB3E4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C137757C-105F-400D-93F3-4620975011B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BF3F3D-7752-492B-87E9-949AFA19F85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5039F6C-F563-4944-A977-0D79BC6E2B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD504C8D-7E80-48EF-B3F6-93FC6AEE031E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E605EBAB-D5F9-43A8-8096-DA62A4295A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B14981-FCEA-45FC-896F-7677BEB7A8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59C613EE-4884-4CD6-B4BA-AF41FD26DB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10BBB47A-E6EF-4EE5-A74C-F7766004880B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7123F403-1044-4ECC-A6F8-AB8E0173432B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A0946C-6A4F-4A9E-9D7C-702A74236C89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4E3539-D33A-48E1-8B09-4D010BEAC9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF097E2D-8F46-4EE0-9C0E-449EDC5FE373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231A210D-7A72-4E54-BF7D-2594F2735D68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D35D62-9633-410F-9D2D-FD61CD5A820B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B982FDE3-0F08-46F8-8A50-BB5650AA5076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "965D6B8E-A7E7-40B3-A4C3-4942E61491A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en el servidor telnet de los convertidores TCP/IP BF-430 y BF431 232/422, BF-450M y SEMAC de CHIYU Technology Inc,. permite obtener una conexi\u00f3n privilegiada con el dispositivo de destino al suministrar una petici\u00f3n especialmente malformada y un atacante puede forzar al servidor telnet remoto a creer que el usuario ya se ha autenticado"
}
],
"id": "CVE-2021-31251",
"lastModified": "2024-11-21T06:05:22.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T21:15:07.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}