Filtered by vendor Chiyu-tech
Subscribe
Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31643 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. | |||||
CVE-2021-31642 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. | |||||
CVE-2021-31641 | 1 Chiyu-tech | 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. | |||||
CVE-2021-31252 | 1 Chiyu-tech | 28 Bf-430, Bf-430 Firmware, Bf-431 and 25 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. | |||||
CVE-2021-31251 | 1 Chiyu-tech | 20 Bf-430, Bf-430 Firmware, Bf-431 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated. | |||||
CVE-2021-31250 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi. | |||||
CVE-2021-31249 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. |