CVE-2021-31252
Description
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An open redirect vulnerability in multiple CHIYU IoT devices allows attackers to redirect users to malicious sites via crafted URLs, enabling phishing attacks.
Vulnerability
CHIYU BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices contain an open redirect vulnerability in their web interface. An attacker can craft a URL with a specially crafted redirect parameter that redirects users to an arbitrary external domain. The vulnerability affects unspecified firmware versions [1].
Exploitation
An attacker can exploit this by sending a link containing a malicious redirect URL to a user. No authentication is required; the user simply needs to click the link while accessing the device's web interface. The lack of validation on the redirect parameter allows the attacker to specify any destination [1].
Impact
Successful exploitation allows an attacker to redirect users to attacker-controlled websites, enabling phishing attacks, malware distribution, or credential theft. Because the redirect originates from a trusted device, users may be more likely to trust the destination [1].
Mitigation
As of the publication date (June 4, 2021), no official fix has been released by CHIYU. Users are advised to monitor CHIYU's firmware update page [2] for patches and to avoid clicking suspicious links that point to these devices. If the devices are no longer supported, replacement with updated models may be necessary [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CHIYU Technology/devices
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Improper sanitization of the `redirect=` input parameter in CGI components allows an attacker to inject an arbitrary external URL."
Attack vector
An attacker crafts a URL containing a malicious `redirect=` parameter (e.g., `redirect=http://127.0.0.1/exploit.htm`) and convinces the victim to click on it [ref_id=1]. The victim must be authenticated (PR:L) and user interaction is required (UI:R) [ref_id=1]. When the victim clicks the link, the device's CGI component redirects the browser to the attacker-supplied external site, enabling phishing or malware delivery [ref_id=1].
Affected code
All CGI components in the affected CHIYU devices (BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC) are vulnerable, including if.cgi, man.cgi, and similar endpoints [ref_id=1]. The flaw resides in the improper sanitization of the `redirect=` parameter passed via URL to these CGI components [ref_id=1].
What the fix does
The advisory states that installing the latest CHIYU firmware mitigates the vulnerability [ref_id=1]. No patch diff is provided in the bundle. The vendor's remediation guidance notes that the telnet service was disabled in the updated firmware, but the advisory does not describe a code-level fix for the open redirect itself [ref_id=1]. Users should contact CHIYU to obtain the firmware upgrade [ref_id=1].
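The root cause above is a `redirect=` value copied into the Location header without validation. The following is an added example, not CHIYU's code: a hypothetical validator that a fixed CGI handler would apply before redirecting, accepting only same-origin paths or an allow-listed host. The hostname `device.local` and the fallback page `/index.htm` are assumed values.

```python
"""Server-side validation of a redirect parameter (hypothetical fix sketch)."""
from urllib.parse import urlsplit, unquote

DEFAULT_LANDING = "/index.htm"               # assumed fallback page (constructed)
ALLOWED_HOSTS = frozenset({"device.local"})  # assumed own hostname (constructed)


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only if target is a same-origin path or points at an allow-listed host."""
    if not target:
        return False
    candidate = unquote(target).strip()
    # CR/LF or other control bytes would let the value split the HTTP header.
    if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
        return False
    # Browsers treat a backslash like a slash, so "/\evil" is really "//evil".
    candidate = candidate.replace("\\", "/")
    # Any run of leading slashes is scheme-relative to a browser: //host, ///host.
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to an allow-listed host is acceptable.
        if parts.scheme not in ("http", "https"):
            return False   # rejects javascript:, data:, etc.
        # .hostname drops userinfo and port, so "http://device.local@evil" -> "evil".
        return (parts.hostname or "").lower() in allowed_hosts
    # Same-origin target: require an absolute path on this device.
    return parts.path.startswith("/")


def redirect_target(param, default=DEFAULT_LANDING):
    """Value a hardened handler would place in the Location header."""
    if param is not None and is_safe_redirect(param):
        return unquote(param).strip().replace("\\", "/")
    return default


if __name__ == "__main__":
    # Constructed sample inputs, including the advisory's own example value.
    for value in ("/setup.htm", "http://127.0.0.1/exploit.htm", "//evil.example",
                  "/\\evil.example", "/%2f%2fevil.example", "javascript:alert(1)"):
        print(f"{value!r:32} -> {redirect_target(value)}")
```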
Preconditions
- Victim must be authenticated to the device (PR:L)
- Victim must click on the attacker-supplied link (UI:R)
- Attacker must have network access to deliver the crafted URL to the victim
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices (MITRE x_refsource_MISC)
- seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ (MITRE x_refsource_MISC)
- www.chiyu-tech.com/msg/message-Firmware-update-87.html (MITRE x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.