Details of VAR-202106-1498

ID

VAR-202106-1498

CVE

CVE-2021-31252

TITLE

plural CHIYU Technology Open redirect vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-007455

DESCRIPTION

An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. plural CHIYU Technology The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2021-31252 // JVNDB: JVNDB-2021-007455

AFFECTED PRODUCTS

vendor:	chiyu tech	model:	bf-431	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	bf-430	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	bf-830w	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac d2 n300	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac d2	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac d4	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac s1 osdp	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac s3v3	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	webpass	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	bf-630	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	bf-631w	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac s2	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	bf-450m	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu tech	model:	semac d1	scope:	eq	version:	-	Trust: 1.0
vendor:	chiyu	model:	bf-430	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac s3v3	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac s2	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac d2 n300	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac d2	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac d1	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	bf-431	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac d4	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	bf-450m	scope:	-	version:	-	Trust: 0.8
vendor:	chiyu	model:	semac s1 osdp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007455 // NVD: CVE-2021-31252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31252
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-31252
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-372
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-31252
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-31252
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31252
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-007455 // CNNVD: CNNVD-202106-372 // NVD: CVE-2021-31252

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.0
problemtype:	Open redirect (CWE-601) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007455 // NVD: CVE-2021-31252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-372

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202106-372

PATCH

title:

Firmware update

url:

https://www.chiyu-tech.com/msg/message-Firmware-update-87.html

Trust: 0.8

sources: JVNDB: JVNDB-2021-007455

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31252	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-007455	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-372	Trust: 0.6

sources: JVNDB: JVNDB-2021-007455 // CNNVD: CNNVD-202106-372 // NVD: CVE-2021-31252

REFERENCES

url:	https://www.chiyu-tech.com/msg/message-firmware-update-87.html	Trust: 1.6
url:	https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/	Trust: 1.6
url:	https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31252	Trust: 0.8

sources: JVNDB: JVNDB-2021-007455 // CNNVD: CNNVD-202106-372 // NVD: CVE-2021-31252

SOURCES

db:	JVNDB	id:	JVNDB-2021-007455
db:	CNNVD	id:	CNNVD-202106-372
db:	NVD	id:	CVE-2021-31252

LAST UPDATE DATE

2024-08-14T15:01:27.028000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-007455	date:	2022-02-14T04:50:00
db:	CNNVD	id:	CNNVD-202106-372	date:	2021-06-10T00:00:00
db:	NVD	id:	CVE-2021-31252	date:	2021-06-08T20:19:11.527

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-007455	date:	2022-02-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-372	date:	2021-06-04T00:00:00
db:	NVD	id:	CVE-2021-31252	date:	2021-06-04T21:15:07.547