CVE-2021-31249 Scanner
CVE-2021-31249 scanner - CRLF Injection vulnerability in CHIYU Technology BF-430, BF-431, and BF-450M
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
CHIYU Technology's BF-430, BF-431, and BF-450M TCP/IP Converter devices are used for remote network communication in a range of industries. They bridge serial or other field protocols onto TCP/IP so that otherwise incompatible equipment can exchange data, and they are common in automation, sensor networks, and industrial control systems. Like most devices of this kind, they are configured through a small embedded web interface served by CGI components.
These devices contain CVE-2021-31249, a CRLF injection vulnerability caused by a lack of validation of the redirect= parameter accepted by multiple CGI components. The value of redirect= is reflected into the HTTP response that sends the client on to the redirect target, and carriage-return and line-feed characters are not stripped or encoded. An attacker who gets a victim (or a proxy in the path) to request a crafted URL can therefore terminate the intended header with an encoded %0D%0A and append headers, and after a second CR LF pair an entire response body, of their own choosing. This is the classic HTTP response splitting condition.
The impact is that of HTTP response splitting rather than a compromise of the device itself: the attacker controls part of the response that the victim's browser or an intermediate proxy receives. Typical outcomes are injected headers such as Set-Cookie (session fixation), an injected page body that runs script in the device's web origin (cross-site scripting), poisoning of caching proxies that sit between the device and its users, and redirection to an attacker-controlled site. The flaw does not by itself give code execution on the converter, which is consistent with the Medium rating above, but because the web interface is where the device is configured, a hijacked administrator session on an industrial network is still a serious outcome.
CRLF injection in redirect parameters is a common flaw in the web interfaces of embedded devices, so it is worth treating this finding as a reminder to keep converter firmware current, to restrict access to the devices' web interface to a management network, and to follow vulnerability information for the assets you operate. The pro features of the s4e.io platform let you learn quickly about vulnerabilities in your digital assets and take appropriate measures to protect them.
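The following is an added example, not code from the s4e.io page or from the CHIYU firmware. It models the flaw described above in Python: a redirect handler that copies redirect= straight into the Location header, the hardened variant that rejects control characters and off-site targets, and the check a scanner performs, namely whether a probe header sent inside redirect= comes back as a separate response header rather than as percent-encoded text. The CGI path, the probe header name and the sample responses are hypothetical and constructed here; the real component paths on the BF-430/431/450M are not reproduced.

```python
"""Model of a CRLF injection in a redirect= parameter and the scanner check for it.

Added example; the CGI path and header names below are hypothetical and do not
correspond to the affected CHIYU components.
"""
import http.client
import re
from urllib.parse import urlencode, urlsplit

CGI_PATH = "/example.cgi"        # hypothetical, stands in for an affected CGI component
MARKER_HEADER = "X-Crlf-Probe"   # header the probe tries to inject into the response
MARKER_VALUE = "s4e-injected"
# The CR LF terminates the redirect target, so the client parses what follows as a
# new header line.  A second CR LF pair would start an attacker-controlled body.
PROBE_PAYLOAD = "/index.htm\r\n" + MARKER_HEADER + ": " + MARKER_VALUE


def build_probe_url(base_url: str) -> str:
    """URL a scanner would request; urlencode turns CR LF into %0D%0A."""
    return base_url.rstrip("/") + CGI_PATH + "?" + urlencode({"redirect": PROBE_PAYLOAD})


def render_redirect_vulnerable(redirect: str) -> bytes:
    """Model of the flaw: the parameter is copied verbatim into the Location header."""
    head = "HTTP/1.1 302 Found\r\nLocation: " + redirect + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("utf-8")


def render_redirect_fixed(redirect: str) -> bytes:
    """Hardened variant: refuse control characters and anything but a local path."""
    if re.search(r"[\r\n\x00]", redirect):
        raise ValueError("control characters in redirect target")
    if not redirect.startswith("/") or redirect.startswith("//"):
        raise ValueError("only a local absolute path may be used as redirect target")
    head = "HTTP/1.1 302 Found\r\nLocation: " + redirect + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("utf-8")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status line, {lower-case name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("utf-8", "replace").lower()] = (
            value.strip().decode("utf-8", "replace")
        )
    return lines[0].decode("utf-8", "replace"), headers, body


def is_vulnerable(raw_response: bytes) -> bool:
    """Scanner decision: the probe header must come back as a real header, not merely
    as percent-encoded text inside the Location value (which a patched device sends)."""
    _, headers, _ = parse_response(raw_response)
    return headers.get(MARKER_HEADER.lower()) == MARKER_VALUE


def probe_live(base_url: str, timeout: float = 10.0) -> bool:
    """Send the probe to a device you are authorised to test.  http.client parses the
    headers the way a browser would, so an injected header is visible via getheader()."""
    parts = urlsplit(build_probe_url(base_url))
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    conn.request("GET", parts.path + "?" + parts.query)
    resp = conn.getresponse()
    found = resp.getheader(MARKER_HEADER) == MARKER_VALUE
    conn.close()
    return found


if __name__ == "__main__":
    print(build_probe_url("http://192.0.2.10"))  # 192.0.2.10 is a documentation address
    print("vulnerable model:", is_vulnerable(render_redirect_vulnerable(PROBE_PAYLOAD)))
    try:
        render_redirect_fixed(PROBE_PAYLOAD)
    except ValueError as exc:
        print("fixed model rejected payload:", exc)
```

The check deliberately looks for the marker as a parsed header rather than as a substring of the response, because a device that percent-encodes the redirect target still echoes the literal text `%0D%0AX-Crlf-Probe%3A+s4e-injected` inside Location without being vulnerable. The hardened handler also refuses targets beginning with `//`, since a protocol-relative value would turn the same parameter into an open redirect even with CR LF stripped.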