Vulnerabilities > Chiyu Tech

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2021-31249 Injection vulnerability in Chiyu-Tech Bf-430 Firmware, Bf-431 Firmware and Bf-450M Firmware
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
network
low complexity
chiyu-tech CWE-74
6.5
2021-06-04 CVE-2021-31250 Cross-site Scripting vulnerability in Chiyu-Tech Bf-430 Firmware, Bf-431 Firmware and Bf-450M Firmware
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
network
low complexity
chiyu-tech CWE-79
5.4
2021-06-04 CVE-2021-31251 Improper Authentication vulnerability in Chiyu-Tech products
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
network
low complexity
chiyu-tech CWE-287
critical
9.8
2021-06-04 CVE-2021-31252 Open Redirect vulnerability in Chiyu-Tech products
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
network
low complexity
chiyu-tech CWE-601
6.1
2021-06-01 CVE-2021-31641 Cross-site Scripting vulnerability in Chiyu-Tech products
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
network
low complexity
chiyu-tech CWE-79
6.1
2021-06-01 CVE-2021-31642 Integer Overflow or Wraparound vulnerability in Chiyu-Tech products
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC.
network
low complexity
chiyu-tech CWE-190
6.5
2021-06-01 CVE-2021-31643 Cross-site Scripting vulnerability in Chiyu-Tech products
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
network
low complexity
chiyu-tech CWE-79
5.4