CVE-2021-31643

An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter...

EUVD-2021-18531

Malware in sbrugna...

EUVD-2021-18529

Malware in sbrugna...

EUVD-2021-18163

Malware in sbrugna...

EUVD-2021-18164

Malware in sbrugna...

CVE-2021-31249

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

CVE-2021-31250

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi...

Crlf injection

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

Cross site scripting

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi...

Open redirect

An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it...

CVE-2021-31249

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...

CVE-2021-31249

CHIYU TCP/IP Converter BF-430, BF-431, and BF-450M devices are affected by CVE-2021-31249, a CRLF injection flaw stemming from insufficient validation of the redirect= parameter in multiple CGI components. Exploitation could lead to information disclosure, data modification, or unauthorized admin...

CVE-2021-31250

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi...

CVE-2021-31250

CHIYU TCP/IP Converter devices BF-430, BF-431 and BF-450M are affected by CVE-2021-31250 (XSS) due to insufficient input sanitization in several web components (man.cgi, if.cgi, dhcpc.cgi, ppp.cgi). Exploitation could allow a attacker to execute arbitrary JavaScript in a victim’s browser, with po...

CVE-2021-31252

The CVE-2021-31252 entry corresponds to an open redirect vulnerability in CHIYU Technology devices: BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC. According to the connected sources (NVD, CVE lists, CNNVD, PRION), the issue stems from an open redirect mechanism that can be...

多款Chiyu产品注入漏洞

The Chiyu CHIYU BF-430, etc. are all networking servers that provide communication for access control, time and attendance systems, and other devices from Chiyu Technology Chiyu Inc. of Taiwan, China. A security vulnerability exists in CHIYU Technology Inc's BF-430, BF-431, and BF-450M TCP/IP...

CHIYU IoT Denial Of Service

Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...

CHIYU IoT Telnet Authentication Bypass

Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware...

CHYUI 授权问题漏洞

The Chiyu CHIYU BF-430 is a networking server that provides communication for access control, time and attendance systems, and other devices from Chiyu Technology Chiyu of Taiwan, China. A security vulnerability exists in various CHIYU products, which stems from the fact that the remote login...

CHIYU IoT Devices - (Telnet) Authentication Bypass Exploit

Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware versions June 20...