CVE-2021-31250

Name of the Vulnerable Software and Affected Versions CHIYU Technology Inc BF-430 CHIYU Technology Inc BF-431 CHIYU Technology Inc BF-450M

Description The issue is related to multiple storage XSS vulnerabilities discovered in certain devices from CHIYU Technology Inc. These vulnerabilities are caused by a lack of sanitization of the input on several components, including man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.

Recommendations For CHIYU Technology Inc BF-430, consider disabling access to the vulnerable components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi until a fix is available. For CHIYU Technology Inc BF-431, consider disabling access to the vulnerable components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi until a fix is available. For CHIYU Technology Inc BF-450M, consider disabling access to the vulnerable components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.