Back to KEVs

CVE-2021-31250

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 15, 2021
Published Date
June 04, 2021
Last Updated
August 03, 2024
Vendor
n/a
Product
n/a
Description
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

5.4 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2026-02-16 00:00:00 UTC) Source

References

https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250 https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-02-16 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-31250.yaml 2025-04-25 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel