CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2021-31252
https://notcve.org/view.php?id=CVE-2021-31252
04 Jun 2021 — An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. Se presenta una vulnerabilidad de redireccionamiento abierto en los dispositivos BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass y SEMAC de CHIYU Technology que puede ser explotada mediante el envío de un enlace con una URL especialmente diseñada par... • https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 6%CPEs: 30EXPL: 4CVE-2021-31641 – CHIYU IoT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31641
01 Jun 2021 — An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. Se presenta una vulnerabilidad de tipo XSS no autenticada en varios dispositivos IoT de CHIYU Technology, incluyendo BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, y SEMAC debido a una falta de sanitización cuando es generado el mensaje ... • https://packetstorm.news/files/id/162887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •