CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2021-31252
https://notcve.org/view.php?id=CVE-2021-31252
04 Jun 2021 — An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. Se presenta una vulnerabilidad de redireccionamiento abierto en los dispositivos BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass y SEMAC de CHIYU Technology que puede ser explotada mediante el envío de un enlace con una URL especialmente diseñada par... • https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 2%CPEs: 22EXPL: 5CVE-2021-31642 – CHIYU IoT Devices - Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2021-31642
01 Jun 2021 — A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. Se presenta una condición de denegación de servicio tras un desbordamiento de enteros en varios dispositivos IoT de CHIYU Technology, incluyendo BIOSENSE, ... • https://packetstorm.news/files/id/162934 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 6%CPEs: 30EXPL: 4CVE-2021-31641 – CHIYU IoT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31641
01 Jun 2021 — An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. Se presenta una vulnerabilidad de tipo XSS no autenticada en varios dispositivos IoT de CHIYU Technology, incluyendo BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, y SEMAC debido a una falta de sanitización cuando es generado el mensaje ... • https://packetstorm.news/files/id/162887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 13%CPEs: 22EXPL: 4CVE-2021-31643 – CHIYU IoT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31643
01 Jun 2021 — An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. Se presenta una vulnerabilidad de tipo XSS en varios dispositivos IoT de CHIYU Technology, incluyendo SEMAC, Biosense, BF-630, BF-631 y Webpass, debido a una falta de sanitización en el component if.cgi - parámetro username CHIYU IoT devices suffer from multiple cross site scripting vulnerabilities. Versio... • https://packetstorm.news/files/id/162887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •