CVE-2021-31252
MEDIUMChiyu-Tech Firmware - Open Redirect via Crafted URL
Title source: llmDescription
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
Exploit, Third Party Advisory x_refsource_misc
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31252
Vendor Advisory x_refsource_confirm
https://www.chiyu-tech.com/msg/message-Firmware-update-87.html
Scores
CVSS v3
6.1
EPSS
0.2855
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (14)
chiyu-tech/bf-430_firmware
chiyu-tech/bf-431_firmware
chiyu-tech/bf-450m_firmware
chiyu-tech/bf-630_firmware
chiyu-tech/bf-631w_firmware
chiyu-tech/bf-830w_firmware
chiyu-tech/semac_d1_firmware
chiyu-tech/semac_d2_firmware
chiyu-tech/semac_d2_n300_firmware
chiyu-tech/semac_d4_firmware
... and 4 more
Published
Jun 04, 2021
Tracked Since
Feb 18, 2026