Описание
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.9258
Критический
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
EPSS
Процентиль: 100%
0.9258
Критический
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-74