Vulnerabilities (CVE)

Filtered by vendor Chiyu-tech Subscribe
Filtered by product Bf-630
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31643 1 Chiyu-tech 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more 2024-11-21 3.5 LOW 5.4 MEDIUM
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
CVE-2021-31642 1 Chiyu-tech 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.
CVE-2021-31641 1 Chiyu-tech 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
CVE-2021-31252 1 Chiyu-tech 28 Bf-430, Bf-430 Firmware, Bf-431 and 25 more 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.