VAR-201508-0309
Vulnerability from variot - Updated: 2025-04-12 23:04Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-630",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-630w",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630w",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "technology bf-660c",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630w",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:chiyutw:bf-630",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:chiyutw:bf-630w",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:chiyutw:bf-660c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "76140"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2870",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2870",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. \nAn attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-2870",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU91647568",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6
},
{
"db": "BID",
"id": "76140",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"id": "VAR-201508-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
],
"trust": 1.3476190433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
]
},
"last_update_date": "2025-04-12T23:04:35.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Gallery",
"trust": 0.8,
"url": "http://www.chiyu-t.com.tw/pdt_list.asp?area=46\u0026cat=151"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/360431"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/80.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2870"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91647568/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2870"
},
{
"trust": 0.3,
"url": "http://www.chiyu-t.com.tw"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"date": "2015-08-01T01:59:11.943000",
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chiyu Technology fingerprint access control contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…