From 11eac3b620342e33b4b4f0b9fb64efcc789bbc4e Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Thu, 6 Apr 2023 14:18:20 -0400 Subject: [PATCH] Enhancement: cves/2021/CVE-2021-31249.yaml by md --- cves/2021/CVE-2021-31249.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cves/2021/CVE-2021-31249.yaml b/cves/2021/CVE-2021-31249.yaml index 691a739a17..fcf2684a8c 100644 --- a/cves/2021/CVE-2021-31249.yaml +++ b/cves/2021/CVE-2021-31249.yaml @@ -1,14 +1,15 @@ id: CVE-2021-31249 info: - name: CHIYU TCP/IP Converter devices - CRLF injection + name: CHIYU TCP/IP Converter - Carriage Return Line Feed Injection author: geeknik severity: medium - description: A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter 'redirect' available on multiple CGI components. + description: CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249 - https://www.chiyu-tech.com/msg/message-Firmware-update-87.html - https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-31249 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 @@ -31,3 +32,5 @@ requests: - "Location: setting.htm" - "" condition: and + +# Enhanced by md on 2023/04/06