CVE-2021-31251

CHIYU IoT Devices - 'Telnet' Authentication Bypass

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.

Una omisión de autenticación en el servidor telnet de los convertidores TCP/IP BF-430 y BF431 232/422, BF-450M y SEMAC de CHIYU Technology Inc,. permite obtener una conexión privilegiada con el dispositivo de destino al suministrar una petición especialmente malformada y un atacante puede forzar al servidor telnet remoto a creer que el usuario ya se ha autenticado

Several IoT devices from the CHIYU Technology firm are vulnerable to a flaw that permits bypassing the telnet authentication process due to an overflow during the negotiation of the telnet protocol. Telnet authentication is bypassed by supplying a specially malformed request, and an attacker may force the remote telnet server to believe that the user has already authenticated. Several models are vulnerable, including BF-430, BF-431, BF-450M, and SEMAC with the most recent firmware versions.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-04-15 CVE Reserved
2021-06-03 CVE Published
2021-06-03 First Exploit
2024-08-03 CVE Updated
2025-02-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
https://packetstorm.news/files/id/162933	2021-06-03
https://www.exploit-db.com/exploits/49936	2021-06-03
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251	2024-08-03
https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.chiyu-tech.com/msg/message-Firmware-update-87.html	2021-06-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Chiyu-tech Search vendor "Chiyu-tech"	Bf-430 Firmware Search vendor "Chiyu-tech" for product "Bf-430 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Bf-430 Search vendor "Chiyu-tech" for product "Bf-430"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Bf-431 Firmware Search vendor "Chiyu-tech" for product "Bf-431 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Bf-431 Search vendor "Chiyu-tech" for product "Bf-431"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Bf-450m Firmware Search vendor "Chiyu-tech" for product "Bf-450m Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Bf-450m Search vendor "Chiyu-tech" for product "Bf-450m"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac S2 Firmware Search vendor "Chiyu-tech" for product "Semac S2 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac S2 Search vendor "Chiyu-tech" for product "Semac S2"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac D1 Firmware Search vendor "Chiyu-tech" for product "Semac D1 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac D1 Search vendor "Chiyu-tech" for product "Semac D1"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac D2 Firmware Search vendor "Chiyu-tech" for product "Semac D2 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac D2 Search vendor "Chiyu-tech" for product "Semac D2"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac D4 Firmware Search vendor "Chiyu-tech" for product "Semac D4 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac D4 Search vendor "Chiyu-tech" for product "Semac D4"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac S3v3 Firmware Search vendor "Chiyu-tech" for product "Semac S3v3 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac S3v3 Search vendor "Chiyu-tech" for product "Semac S3v3"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac D2 N300 Firmware Search vendor "Chiyu-tech" for product "Semac D2 N300 Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac D2 N300 Search vendor "Chiyu-tech" for product "Semac D2 N300"	-	-	Safe
Chiyu-tech Search vendor "Chiyu-tech"	Semac S1 Osdp Firmware Search vendor "Chiyu-tech" for product "Semac S1 Osdp Firmware"	-	-	Affected	in	Chiyu-tech Search vendor "Chiyu-tech"	Semac S1 Osdp Search vendor "Chiyu-tech" for product "Semac S1 Osdp"	-	-	Safe