Security for everyone

CVE-2021-31249 Scanner

Detects the 'CRLF Injection' vulnerability in CHIYU Technology BF-430, BF-431, and BF-450M devices. Affected versions: unknown.

Short Info

Level: Medium

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 sec

Scan only one: Url

Parent Category

CVE-2021-31249 Scanner Detail

CHIYU Technology's BF-430, BF-431, and BF-450M TCP/IP Converter devices are commonly used for remote network communication in various industries and applications. These devices act as a bridge between different protocols and allow seamless data transmission between otherwise incompatible networks. Such devices are popular in automation, sensor networks, and industrial control systems.

Unfortunately, these devices have been found to contain a serious vulnerability, CVE-2021-31249. It is caused by a lack of validation on the redirect= parameter, which is available on multiple CGI components. This parameter can be manipulated to inject unexpected CRLF (carriage return, line feed) characters into the originating HTTP request, which allows an attacker to alter the HTTP response and can lead to attacks such as HTTP response splitting.
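The following added example (not part of the scanner or of CHIYU's firmware) shows how a defender can flag CR/LF in a redirect= value in web access logs, including double-encoded forms, and how a server-side handler can refuse such values. The path /example.cgi, the log lines and all function names are constructed for illustration; the page does not name the affected CGI components.

```python
import re
from urllib.parse import parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to catch double/triple encoding
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2021:10:00:00 +0000] "GET /example.cgi?redirect=/index.htm HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jun/2021:10:00:05 +0000] "GET /example.cgi?redirect=/index.htm%0d%0aX-Constructed:1 HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jun/2021:10:00:09 +0000] "GET /example.cgi?redirect=/index.htm%250d%250aX-Constructed:1 HTTP/1.1" 302 0',
]


def has_crlf(value):
    """True if value holds CR or LF, raw or under repeated percent-encoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:
            return False
        value = decoded
    return "\r" in value or "\n" in value


def suspicious_requests(log_lines):
    """Return request targets whose redirect= value carries CR/LF."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        # parse_qsl percent-decodes once; has_crlf peels any further layers.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "redirect" and has_crlf(value):
                hits.append(match.group(1))
    return hits


def safe_redirect_target(value, default="/"):
    """Server-side check: allow only same-site paths free of CR/LF."""
    if has_crlf(value) or not value.startswith("/") or value.startswith("//"):
        return default
    return value


if __name__ == "__main__":
    for target in suspicious_requests(SAMPLE_LOG):
        print("CRLF in redirect parameter:", target)
```

The same-site-path rule in safe_redirect_target is an assumption about what a legitimate redirect looks like; adjust the allow-list to the application's real targets.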

If this vulnerability is exploited, it can lead to various consequences, depending on the severity of the attack. In some cases, attackers may be able to perform unauthorized actions on the affected system. They might gain control over the device, steal sensitive data, or even execute remote code. Since these devices are commonly used in critical infrastructure, the potential impact of such attacks could be catastrophic.

Lastly, we would like to remind readers that vulnerabilities like CVE-2021-31249 are unfortunately quite common in modern devices and software. Therefore, it is essential to stay up-to-date with the latest threat intelligence and vulnerability information to protect your digital assets. Thanks to the pro features of the SecurityForEveryone.com platform, you can easily and quickly learn about vulnerabilities in your digital assets and take appropriate measures to protect them.
