VAR-202106-1498
Vulnerability from variot - Updated: 2024-08-14 15:01An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-431",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-430",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-830w",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2 n300",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d4",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s1 osdp",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s3v3",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "webpass",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-630",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-631w",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac s2",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-450m",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "semac d1",
"scope": "eq",
"trust": 1.0,
"vendor": "chiyu tech",
"version": null
},
{
"model": "bf-430",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s3v3",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2 n300",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d2",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d1",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-431",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac d4",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-450m",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "semac s1 osdp",
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"cve": "CVE-2021-31252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-31252",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31252",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-31252",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-31252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-372",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31252",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"id": "VAR-202106-1498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8
},
"last_update_date": "2024-08-14T15:01:27.028000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware\u00a0update",
"trust": 0.8,
"url": "https://www.chiyu-tech.com/msg/message-Firmware-update-87.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.0
},
{
"problemtype": "Open redirect (CWE-601) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.chiyu-tech.com/msg/message-firmware-update-87.html"
},
{
"trust": 1.6,
"url": "https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/"
},
{
"trust": 1.6,
"url": "https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31252"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"date": "2021-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"date": "2021-06-04T21:15:07.547000",
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-007455"
},
{
"date": "2021-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-372"
},
{
"date": "2021-06-08T20:19:11.527000",
"db": "NVD",
"id": "CVE-2021-31252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CHIYU\u00a0Technology\u00a0 Open redirect vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-372"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…