Описание
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:chiyu-tech:semac_s2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_s2:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:chiyu-tech:semac_d1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_d1:-:*:*:*:*:*:*:*
Конфигурация 6
Одновременно
cpe:2.3:o:chiyu-tech:semac_d2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_d2:-:*:*:*:*:*:*:*
Конфигурация 7
Одновременно
cpe:2.3:o:chiyu-tech:semac_d4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_d4:-:*:*:*:*:*:*:*
Конфигурация 8
Одновременно
cpe:2.3:o:chiyu-tech:semac_s3v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_s3v3:-:*:*:*:*:*:*:*
Конфигурация 9
Одновременно
cpe:2.3:o:chiyu-tech:semac_d2_n300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_d2_n300:-:*:*:*:*:*:*:*
Конфигурация 10
Одновременно
cpe:2.3:o:chiyu-tech:semac_s1_osdp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:semac_s1_osdp:-:*:*:*:*:*:*:*
Конфигурация 11
Одновременно
cpe:2.3:o:chiyu-tech:bf-630_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-630:-:*:*:*:*:*:*:*
Конфигурация 12
Одновременно
cpe:2.3:o:chiyu-tech:bf-631w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-631w:-:*:*:*:*:*:*:*
Конфигурация 13
Одновременно
cpe:2.3:o:chiyu-tech:bf-830w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-830w:-:*:*:*:*:*:*:*
Конфигурация 14
Одновременно
cpe:2.3:o:chiyu-tech:webpass_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:webpass:-:*:*:*:*:*:*:*
Конфигурация 15
Одновременно
cpe:2.3:o:chiyu-tech:bfminiw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bfminiw:-:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01159
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
EPSS
Процентиль: 78%
0.01159
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79