This page lists publicly disclosed CVE vulnerabilities affecting chiyu-tech bf-430_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-31252 | An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it. | [email protected] | 6.1 | 28.55% | 2021-06-04 | 2026-06-16 |
| CVE-2021-31251 | An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated. | [email protected] | 9.8 | 35.71% | 2021-06-04 | 2026-06-16 |
| CVE-2021-31250 | Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi. | [email protected] | 5.4 | 79.61% | 2021-06-04 | 2026-06-16 |
| CVE-2021-31249 | A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | [email protected] | 6.5 | 18.00% | 2021-06-04 | 2026-06-16 |
| CVE-2021-31641 | An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. | [email protected] | 6.1 | 5.12% | 2021-06-01 | 2026-06-16 |