CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 2CVE-2021-31252
https://notcve.org/view.php?id=CVE-2021-31252
04 Jun 2021 — An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. Se presenta una vulnerabilidad de redireccionamiento abierto en los dispositivos BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass y SEMAC de CHIYU Technology que puede ser explotada mediante el envío de un enlace con una URL especialmente diseñada par... • https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 28%CPEs: 20EXPL: 4CVE-2021-31251 – CHIYU IoT Devices - 'Telnet' Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-31251
03 Jun 2021 — An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated. Una omisión de autenticación en el servidor telnet de los convertidores TCP/IP BF-430 y BF431 232/422, BF-450M y SEMAC de CHIYU Technology Inc,. permite obtener una conex... • https://packetstorm.news/files/id/162933 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 2%CPEs: 22EXPL: 5CVE-2021-31642 – CHIYU IoT Devices - Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2021-31642
01 Jun 2021 — A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. Se presenta una condición de denegación de servicio tras un desbordamiento de enteros en varios dispositivos IoT de CHIYU Technology, incluyendo BIOSENSE, ... • https://packetstorm.news/files/id/162934 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 6%CPEs: 30EXPL: 4CVE-2021-31641 – CHIYU IoT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31641
01 Jun 2021 — An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. Se presenta una vulnerabilidad de tipo XSS no autenticada en varios dispositivos IoT de CHIYU Technology, incluyendo BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, y SEMAC debido a una falta de sanitización cuando es generado el mensaje ... • https://packetstorm.news/files/id/162887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 13%CPEs: 22EXPL: 4CVE-2021-31643 – CHIYU IoT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-31643
01 Jun 2021 — An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. Se presenta una vulnerabilidad de tipo XSS en varios dispositivos IoT de CHIYU Technology, incluyendo SEMAC, Biosense, BF-630, BF-631 y Webpass, debido a una falta de sanitización en el component if.cgi - parámetro username CHIYU IoT devices suffer from multiple cross site scripting vulnerabilities. Versio... • https://packetstorm.news/files/id/162887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •