|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-07-16 | |
| Rule Name: | Chiyu BF-630W Cross Site Scripting Vulnerability (CVE-2021-31643) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | BF-630W is a Web-based fingerprint controller based on Chiyu Technology. An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Others | |
| Reference: | http://packetstormsecurity.com/files/162887/CHIYU-IoT-Cross-Site-Scripting.html https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31643 https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ https://www.chiyu-tech.com/msg/message-Firmware-update-87.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://packetstormsecurity.com/files/cve/CVE-2021-31643 |