PT-2021-19459 · Chiyu Technology · Bf-631+4

Published: 2021-06-01 · Updated: 2021-06-08 · CVE-2021-31643

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

CHIYU Technology IoT devices, including SEMAC, Biosense, BF-630, BF-631, and Webpass (affected versions not specified)

Description

An issue exists due to a lack of sanitization on the "if.cgi" component, specifically the username parameter. This affects several IoT devices from CHIYU Technology.

Recommendations

For all affected devices, consider restricting access to the "if.cgi" component until a fix is available. As a temporary workaround, avoid using the username parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-31643

Affected Products

Bf-630
Bf-631
Biosense
Semac
Webpass