CVE-2021-31251

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
chiyu-techbf-430_firmware
-
chiyu-techbf-431_firmware
-
chiyu-techbf-450m_firmware
-
chiyu-techsemac_s2_firmware
-
chiyu-techsemac_d1_firmware
-
chiyu-techsemac_d2_firmware
-
chiyu-techsemac_d4_firmware
-
chiyu-techsemac_s3v3_firmware
-
chiyu-techsemac_d2_n300_firmware
-
chiyu-techsemac_s1_osdp_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251
https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU
https://www.chiyu-tech.com/msg/message-Firmware-update-87.html
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31251
https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/#.YLqK1KhKguU
https://www.chiyu-tech.com/msg/message-Firmware-update-87.html