Summary
Detail | |||
---|---|---|---|
Vendor | Chiyu-Tech | First view | 2021-06-01 |
Product | Bf-630 Firmware | Last view | 2021-06-04 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:* | 4 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.1 | 2021-06-04 | CVE-2021-31252 | An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. |
5.4 | 2021-06-01 | CVE-2021-31643 | An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. |
6.5 | 2021-06-01 | CVE-2021-31642 | A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. |
6.1 | 2021-06-01 | CVE-2021-31641 | An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
25% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
25% (1) | CWE-190 | Integer Overflow or Wraparound |