VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 4, 2021· Updated Aug 3, 2024

CVE-2021-31251

CVE-2021-31251

Description

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authentication bypass in CHIYU BF-430, BF-431, BF-450M, and SEMAC telnet servers allows an unauthenticated attacker to gain privileged access via a specially malformed request.

Vulnerability

An authentication bypass vulnerability exists in the telnet server of CHIYU Technology BF-430, BF-431, BF-450M 232/422 TCP/IP Converter devices, and the SEMAC device. The server incorrectly handles a malformed request, believing the user has already authenticated. This affects firmware versions prior to the latest update (as of June 2021) [1].

Exploitation

An unauthenticated attacker with network access to the target device's telnet service can send a specially crafted malformed request. No prior authentication or user interaction is required. The server processes this request and treats the connection as authenticated, granting immediate access [1].

Impact

Successful exploitation allows the attacker to obtain a privileged telnet session with the device. This can lead to full compromise of the device, including unauthorized configuration changes, data exfiltration, and potential pivoting to other internal systems [1].

Mitigation

The vendor has not publicly disclosed a specific firmware release that fixes this issue. The available references do not mention a patched version. It is recommended to contact CHIYU Technology for updated firmware and to restrict telnet access via network segmentation or firewall rules [1].

References
  1. CHIYU IoT devices | Red Teaming and Malware Analysis

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"An overflow or state-handling flaw during telnet protocol negotiation allows the server to skip authentication and treat the connection as already authenticated."

Attack vector

An unauthenticated attacker on the network sends a specially malformed telnet request to the target device. During the telnet protocol negotiation, the server fails to properly handle the negotiation state — at the 4th TCP request the server "jumps to the next state and believes that the user has already authenticated" [ref_id=1]. This bypasses the telnet authentication banner and grants the attacker direct access to the privileged configuration menu without supplying valid credentials [ref_id=1]. The attack requires no authentication and can be performed remotely over the network.

Affected code

The telnet server component in BF-430, BF-431, BF-450M, and SEMAC devices from CHIYU Technology Inc. The advisory states the flaw occurs "during the negotiation of the telnet protocol" [ref_id=1]. No specific source file or function name is provided in the reference.

What the fix does

The vendor's mitigation was to disable the telnet service entirely in the latest firmware version [ref_id=1]. No source-level patch is published; the advisory notes that "the telnet service was disabled in order to solve this issue" [ref_id=1]. Users are instructed to install the latest firmware to remediate the vulnerability.

Preconditions

  • networkThe target device must have the telnet service enabled and reachable over the network.
  • authNo authentication or prior access is required.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.