Vulnerability Details CVE-2021-31251
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251
- https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU
- https://www.chiyu-tech.com/msg/message-Firmware-update-87.html
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251
- https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU
- https://www.chiyu-tech.com/msg/message-Firmware-update-87.html
Products affected by CVE-2021-31251
-
cpe:2.3:h:chiyu-tech:bf-430:-
-
cpe:2.3:h:chiyu-tech:bf-431:-
-
cpe:2.3:h:chiyu-tech:bf-450m:-
-
cpe:2.3:h:chiyu-tech:semac_d1:-
-
cpe:2.3:h:chiyu-tech:semac_d2:-
-
cpe:2.3:h:chiyu-tech:semac_d2_n300:-
-
cpe:2.3:h:chiyu-tech:semac_d4:-
-
cpe:2.3:h:chiyu-tech:semac_s1_osdp:-
-
cpe:2.3:h:chiyu-tech:semac_s2:-
-
cpe:2.3:h:chiyu-tech:semac_s3v3:-
-
cpe:2.3:o:chiyu-tech:bf-430_firmware:-
-
cpe:2.3:o:chiyu-tech:bf-431_firmware:-
-
cpe:2.3:o:chiyu-tech:bf-450m_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_d1_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_d2_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_d4_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_s2_firmware:-
-
cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-