PT-2021-19458 · Chiyu Technology · Bf-630+4

Published 2021-06-01 · Updated 2021-06-08 · CVE-2021-31642

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

CHIYU Technology BIOSENSE (affected versions not specified)
CHIYU Technology Webpass (affected versions not specified)
CHIYU Technology BF-630 (affected versions not specified)
CHIYU Technology BF-631 (affected versions not specified)
CHIYU Technology SEMAC (affected versions not specified)

Description

An integer overflow in several IoT devices leads to a denial of service condition. The issue can be exploited by sending an unexpected integer (> 32 bits) in the page parameter, which crashes the web portal and leaves it unavailable until the device is rebooted.

Recommendations

For CHIYU Technology BIOSENSE, consider restricting access to the web portal until a fix is available.
For CHIYU Technology Webpass, avoid using the page parameter with unexpected integers until the issue is resolved.
For CHIYU Technology BF-630, temporarily disable the web portal to prevent exploitation.
For CHIYU Technology BF-631, restrict access to the web portal to minimize the risk of exploitation.
For CHIYU Technology SEMAC, consider disabling the web portal until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
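
Where request handling is under the operator's control (for example a gateway placed in front of the portal), the page parameter described above can be range-checked before any integer conversion is applied to it. The C code below is an added example, not CHIYU firmware code and not part of the original advisory; parse_page_param and PAGE_MAX are hypothetical names, and the 9999 upper bound is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_MAX 9999u /* assumed bound; a real portal knows its own page count */

/* Parse the value of a "page" query parameter into *out.
 * Returns 0 on success, -1 if the value is empty, signed, non-numeric,
 * followed by trailing bytes, or outside the allowed range. */
int parse_page_param(const char *value, uint32_t *out)
{
    char *end = NULL;
    unsigned long long n;

    if (value == NULL || out == NULL)
        return -1;
    /* strtoull() tolerates leading whitespace and a sign, and silently
     * wraps negative input, so insist on a leading decimal digit. */
    if (value[0] < '0' || value[0] > '9')
        return -1;

    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)        /* wider than unsigned long long */
        return -1;
    if (*end != '\0')           /* trailing non-digit bytes */
        return -1;
    if (n > PAGE_MAX)           /* also rejects every value above 32 bits */
        return -1;

    *out = (uint32_t)n;         /* safe: n <= PAGE_MAX fits in 32 bits */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "1", "9999", "10000", "4294967296",
                              "99999999999999999999999", "-1", "12abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t page = 0;
        int rc = parse_page_param(samples[i], &page);
        printf("%-26s -> %s\n", samples[i][0] ? samples[i] : "(empty)",
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The range check happens on the wide parsed value before the narrowing cast, so an oversized number is rejected rather than truncated.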

Exploit

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-31642

Affected Products

Bf-630
Bf-631
Biosense
Semac
Webpass