Filtered by vendor Chiyu-tech Subscriptions
Filtered by product Bf-430 Firmware Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-31249 1 Chiyu-tech 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more 2023-08-08 6.5 Medium
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
CVE-2021-31641 1 Chiyu-tech 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more 2021-06-08 6.1 Medium
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
CVE-2021-31252 1 Chiyu-tech 28 Bf-430, Bf-430 Firmware, Bf-431 and 25 more 2021-06-08 6.1 Medium
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
CVE-2021-31251 1 Chiyu-tech 20 Bf-430, Bf-430 Firmware, Bf-431 and 17 more 2021-06-08 9.8 Critical
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
CVE-2021-31250 1 Chiyu-tech 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more 2021-06-08 5.4 Medium
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.