Search criteria
4 vulnerabilities found for bf-660c by chiyu
VAR-201508-0310
Vulnerability from variot - Updated: 2025-04-12 23:04Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. Chiyu The fingerprint authentication entrance / exit management system avoids authentication and sets the communication configuration. (1) Read or (2) There are vulnerabilities to be modified. Chiyu BF-660C fingerprint access-control devices is a network fingerprint access control attendance machine from Chiyou. The Chiyu BF-660C fingerprint access-control device has a security hole. An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0310",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-660c",
"scope": null,
"trust": 2.0,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-660c",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630w",
"scope": null,
"trust": 0.6,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630",
"scope": null,
"trust": 0.6,
"vendor": "chiyu",
"version": null
},
{
"model": "technology bf-660c",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630w",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:chiyutw:bf-660c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "76140"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2871",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05152",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2871",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2871",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05152",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-843",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. Chiyu The fingerprint authentication entrance / exit management system avoids authentication and sets the communication configuration. (1) Read or (2) There are vulnerabilities to be modified. Chiyu BF-660C fingerprint access-control devices is a network fingerprint access control attendance machine from Chiyou. The Chiyu BF-660C fingerprint access-control device has a security hole. \nAn attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2871"
},
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "BID",
"id": "76140"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-2871",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU91647568",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05152",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843",
"trust": 0.6
},
{
"db": "BID",
"id": "76140",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"id": "VAR-201508-0310",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05152"
}
],
"trust": 1.3476190433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05152"
}
]
},
"last_update_date": "2025-04-12T23:04:35.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Gallery",
"trust": 0.8,
"url": "http://www.chiyu-t.com.tw/pdt_list.asp?area=46\u0026cat=151"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/360431"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/80.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2871"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91647568/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2871"
},
{
"trust": 0.3,
"url": "http://www.chiyu-t.com.tw"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"date": "2015-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"date": "2015-08-01T01:59:12.927000",
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05152"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003959"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-843"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2871"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chiyu Technology fingerprint access control contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-843"
}
],
"trust": 0.6
}
}
VAR-201508-0309
Vulnerability from variot - Updated: 2025-04-12 23:04Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-630",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-630w",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630w",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "technology bf-660c",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630w",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:chiyutw:bf-630",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:chiyutw:bf-630w",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:chiyutw:bf-660c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "76140"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2870",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2870",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. \nAn attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-2870",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU91647568",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6
},
{
"db": "BID",
"id": "76140",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"id": "VAR-201508-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
],
"trust": 1.3476190433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
]
},
"last_update_date": "2025-04-12T23:04:35.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Gallery",
"trust": 0.8,
"url": "http://www.chiyu-t.com.tw/pdt_list.asp?area=46\u0026cat=151"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/360431"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/80.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2870"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91647568/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2870"
},
{
"trust": 0.3,
"url": "http://www.chiyu-t.com.tw"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"date": "2015-08-01T01:59:11.943000",
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chiyu Technology fingerprint access control contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
}
}
CVE-2015-2871 (GCVE-0-2015-2871)
Vulnerability from nvd – Published: 2015-08-01 01:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-01T01:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#360431",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/360431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2871",
"datePublished": "2015-08-01T01:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2871 (GCVE-0-2015-2871)
Vulnerability from cvelistv5 – Published: 2015-08-01 01:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-01T01:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#360431",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/360431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2871",
"datePublished": "2015-08-01T01:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}