CVE-2021-31249
Description
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CRLF injection in CHIYU BF-430, BF-431, and BF-450M TCP/IP converters via redirect= parameter allows HTTP response splitting and XSS.
Vulnerability
A CRLF injection vulnerability exists in CHIYU BF-430, BF-431, and BF-450M TCP/IP Converter devices due to insufficient validation of the redirect= parameter across multiple CGI components. This allows an attacker to inject arbitrary CRLF sequences into HTTP responses. The vulnerability affects all firmware versions prior to the vendor's security update. [1]
Exploitation
An attacker with network access and low-privileged credentials (or default credentials) can craft a malicious HTTP request containing a CRLF payload (e.g., %0d%0a%0d%0a) in the redirect= parameter. When the device processes the request, the injected CRLF sequences are reflected in the HTTP response, enabling HTTP response splitting. This can be leveraged to perform cross-site scripting (XSS) attacks against users browsing the device's web interface. [1]
Impact
Successful exploitation allows an attacker to inject arbitrary HTTP headers or body content, leading to cross-site scripting (XSS) in the context of the device's web management interface. This can result in information disclosure, session hijacking, or redirection to malicious sites. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) indicates low confidentiality impact and no integrity or availability impact, but the scope change implies potential impact on surrounding systems. [1]
Mitigation
CHIYU Technology has released firmware updates to address this vulnerability. Users should download and install the latest firmware from the vendor's official site [2]. If updating is not immediately possible, restrict network access to the device's web interface to trusted users only.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- CHIYU Technology Inc/TCP/IP Converter devicesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing validation on the `redirect=` parameter allows CRLF sequence injection into HTTP responses."
Attack vector
An attacker with network access to the device can inject CRLF sequences into the `redirect=` parameter of any CGI component. By sending a payload such as `%0d%0a%0d%0a<script>alert(document.domain)</script>`, the attacker injects HTTP headers and a response body, enabling HTTP response splitting and cross-site scripting (XSS) [ref_id=1]. The attack requires no special privileges beyond network access to the device's web interface.
Affected code
The vulnerability exists in all CGI components of the CHIYU BF-430, BF-431, and BF-450M TCP/IP Converter devices. The affected parameter is `redirect=`, which is accepted by multiple CGI components without proper validation [ref_id=1].
What the fix does
The advisory states that installing the latest CHIYU firmware mitigates this vulnerability [ref_id=1]. No specific patch diff is provided in the reference material, but the remediation involves properly validating and sanitizing the `redirect=` parameter across all CGI components to reject or encode CRLF sequences before reflecting them in HTTP responses.
Preconditions
- networkNetwork access to the CHIYU device's web interface
- authNo authentication required (PR:L per CVSS vector)
Reproduction
The reference write-up documents the following payload for reproduction: inject `%0d%0a%0d%0a<script>alert(document.domain)</script>` into the `redirect=` parameter of any CGI component [ref_id=1]. The exploit is also published on ExploitDB (ID 49923) [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devicesmitrex_refsource_MISC
- seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/mitrex_refsource_MISC
- www.chiyu-tech.com/msg/message-Firmware-update-87.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.