PT-2021-19457 · Chiyu Technology · Bf-630+9

Published

2021-06-01

Updated

2021-06-08

CVE-2021-31641

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CHIYU Technology IoT devices, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC (affected versions not specified)

Description An unauthenticated XSS issue exists due to a lack of sanitization when the HTTP 404 message is generated. This affects several IoT devices from CHIYU Technology.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-31641

Affected Products

Bf-430

Bf-431

Bf-450M

Bf-630

Bf-Mini-W

Bf631-W

Bf830-W

Chiyu Technology Iot Devices

Semac

Webpass

PT-2021-19457 · Chiyu Technology · Bf-630+9

CVE-2021-31641

Weakness Enumeration

Related Identifiers

Affected Products

References · 7