var-202106-1498
Vulnerability from variot
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-431",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-430",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-830w",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2 n300",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d4",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s1 osdp",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s3v3",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "webpass",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-630",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-631w",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-450m",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d1",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-430",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s3v3",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2 n300",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d1",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-431",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d4",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-450m",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s1 osdp",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"cve": "CVE-2021-31252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-31252",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31252",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-31252",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-31252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-372",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31252",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"id": "VAR-202106-1498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8
},
"last_update_date": "2024-08-14T15:01:27.028000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware\u00a0update",
"trust": 0.8,
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.0
},
{
"problemtype": "Open redirect (CWE-601) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.chiyu-tech.com/msg/message-firmware-update-87.html"
},
{
"trust": 1.6,
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"trust": 1.6,
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31252"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"date": "2021-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"date": "2021-06-04T21:15:07.547000",
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"date": "2021-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"date": "2021-06-08T20:19:11.527000",
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CHIYU\u00a0Technology\u00a0 Open redirect vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.