Vulners
Lucene search
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vulnerability | 11 Feb 202000:00 | – | zdt |
 | CHIYU BF430 TCP IP Converter Cross-Site Scripting Vulnerability | 14 Feb 202000:00 | – | cnvd |
 | CVE-2020-8839 | 12 Feb 202014:42 | – | cve |
 | CVE-2020-8839 | 12 Feb 202014:42 | – | cvelist |
 | EUVD-2020-29682 | 7 Oct 202500:30 | – | euvd |
 | CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting | 11 Feb 202000:00 | – | exploitpack |
 | CVE-2020-8839 | 12 Feb 202015:15 | – | nvd |
 | CVE-2020-8839 | 12 Feb 202015:15 | – | osv |
 | CHIYU BF430 TCP IP Converter Cross Site Scripting | 11 Feb 202000:00 | – | packetstorm |
 | Cross site scripting | 12 Feb 202015:15 | – | prion |
10
# Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
# Google Dork: In Shodan search engine, the filter is "CHIYU"
# Date: 2020-02-11
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.chiyu-t.com.tw/en/
# Version: BF430 232/485 TCP/IP Converter all versions prior to 1.16.00
# Tested on: It is a proprietary devices: https://www.chiyu-t.com.tw/en/product/rs485-to-tcp_ip-converter_BF-430.html
# CVE: CVE-2020-8839
# 1. Description:
# In CHIYU BF430 web page,
# user can modify the system configuration by access the /if.cgi.
# Attackers can inject malicious XSS code in "TF_submask" field.
# The XSS code will be stored in the database, so that causes a stored XSS vulnerability.
# 2. Proof of Concept:
# Access the /if.cgi of CHIYU BF430 232/485 TCP/IP Converter.
# Injecting the XSS code in parameter “TF_submask”:
# http://<Your Modem IP>/if.cgi?TF_submask=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
==---------------------------------------------------------------
This email contains information that is for the sole use of the intended recipient and may be confidential or privileged. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of this email, or the contents of this email is prohibited. If you have received this email in error, please notify the sender of the error and delete the message. Thank you.
---------------------------------------------------------------==!!Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Feb 2020 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24.3
CVSS 3.16.1
EPSS0.00851