What is CVE-2021-31249?

CVE-2021-31249 is a vulnerability in N/a. Published 2021-06-04.

Is CVE-2021-31249 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-31249

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.

EPSS: 0.904 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-… (x_refsource_MISC)
www.chiyu-tech.com/msg/message-Firmware-update-87.html (x_refsource_MISC)
gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-31249?: CVE-2021-31249 is a vulnerability in N/a. Published 2021-06-04.
Is CVE-2021-31249 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.