CVE-2021-31251

9.8 CRITICAL

📋 TL;DR

This CVE describes an authentication bypass vulnerability in CHIYU Technology's telnet server implementation for specific IoT converter devices. Attackers can send specially crafted requests to establish privileged connections without valid credentials, potentially gaining full control of affected devices. Organizations using BF-430, BF-431, BF-450M, or SEMAC devices from CHIYU Technology are affected.

💻 Affected Systems

Products:
  • BF-430 TCP/IP Converter
  • BF-431 232/422 TCP/IP Converter
  • BF-450M
  • SEMAC
Versions: All versions prior to firmware updates addressing CVE-2021-31251
Operating Systems: Embedded firmware on CHIYU devices
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with telnet service enabled (typically on port 23) are vulnerable. Some devices may have telnet disabled by default, but configuration varies.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to reconfigure devices, intercept/modify data streams, use devices as network pivots, or deploy persistent malware on the device firmware.

🟠 Likely Case

Unauthorized access to device configuration, potential data interception from serial communications, and device manipulation affecting connected industrial/automation systems.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and telnet access is blocked at network boundaries.

🌐 Internet-Facing: HIGH - Directly exploitable over telnet protocol (port 23) with no authentication required once the malformed request is sent.
🏢 Internal Only: HIGH - Even internally, any network-reachable device with telnet enabled remains vulnerable to attackers already on the internal network, including compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a specific malformed request to the telnet server. Public technical details and proof-of-concept code are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released by CHIYU Technology (specific version numbers should be verified from vendor advisory)

Vendor Advisory: https://www.chiyu-tech.com/msg/message-Firmware-update-87.html

Restart Required: Yes

Instructions:

1. Download the latest firmware from the CHIYU Technology website.
2. Access the device management interface.
3. Upload and apply the firmware update.
4. Reboot the device.
5. Verify that telnet authentication now requires valid credentials.

🔧 Temporary Workarounds

Disable Telnet Service (all platforms)

Completely disable telnet access if it is not required for operations:

Access device web interface -> Network Settings -> Services -> Disable Telnet

Network Access Control (linux/windows)

Restrict access to the telnet port (23) using firewall rules:

Linux (iptables): iptables -A INPUT -p tcp --dport 23 -j DROP
Windows (netsh): netsh advfirewall firewall add rule name="Block Telnet" dir=in action=block protocol=TCP localport=23

These rules block inbound telnet on the host where they are applied, not on the CHIYU device itself. To shield the device, enforce the block on the firewall or gateway in front of it (on a Linux gateway that is the FORWARD chain, not INPUT).

🧯 If You Can't Patch

  • Segment affected devices into isolated VLANs with strict firewall rules blocking all unnecessary inbound connections
  • Implement network monitoring for telnet traffic to/from affected devices and alert on authentication bypass patterns

🔍 How to Verify

Check if Vulnerable:

Attempt a telnet connection to the device on port 23 and send the malformed authentication request as described in the public advisories. If a connection is established without valid credentials, the device is vulnerable.

Check Version:

Check the device web interface or serial console for the firmware version, or run: telnet [device_ip] 23 and examine the banner, if one is shown.

Verify Fix Applied:

After patching, attempt the same exploit - connection should fail or require valid authentication credentials.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful privileged access
  • Telnet connections from unexpected sources
  • Malformed telnet packets in network logs

Network Indicators:

  • Telnet traffic to port 23 with specific payload patterns matching exploit
  • Unusual telnet session establishment without preceding authentication exchange

SIEM Query:

dest_port=23 AND (payload_contains="malformed_auth_pattern" OR (event_type="connection_success" AND NOT preceding_event="auth_success"))

Field names here are placeholders to be mapped onto your SIEM's schema; inbound telnet sessions to the device carry port 23 as the destination port.
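The session correlation the SIEM query expresses, written out as an added Python example (not from the original advisory or the vendor): it flags telnet sessions that reach a privileged state without an earlier successful authentication in the same session. The log field layout, event names and the sample lines are constructed assumptions.

```python
import re

# Constructed sample log lines (not from any real device); the field layout
# "ts src dport session event" is an assumption for this example.
SAMPLE_LOG = """\
2021-05-01T10:00:01Z src=10.0.0.5 dport=23 session=1 event=connection_open
2021-05-01T10:00:02Z src=10.0.0.5 dport=23 session=1 event=auth_success
2021-05-01T10:00:03Z src=10.0.0.5 dport=23 session=1 event=privileged_session
2021-05-01T10:05:10Z src=203.0.113.7 dport=23 session=2 event=connection_open
2021-05-01T10:05:11Z src=203.0.113.7 dport=23 session=2 event=privileged_session
2021-05-01T10:06:00Z src=10.0.0.9 dport=80 session=3 event=connection_open
2021-05-01T10:06:01Z src=10.0.0.9 dport=80 session=3 event=privileged_session
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"session=(?P<session>\d+) event=(?P<event>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_unauthenticated_privileged_sessions(log_text, telnet_port=23):
    """Return the telnet sessions that became privileged without a preceding
    auth_success event in the same session (the bypass pattern)."""
    seen_auth = set()
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or int(rec["dport"]) != telnet_port:
            continue  # skip unparseable lines and non-telnet traffic
        sid = rec["session"]
        if rec["event"] == "auth_success":
            seen_auth.add(sid)
        elif rec["event"] == "privileged_session" and sid not in seen_auth:
            flagged.append({"session": sid, "src": rec["src"], "ts": rec["ts"]})
    return flagged


if __name__ == "__main__":
    for hit in find_unauthenticated_privileged_sessions(SAMPLE_LOG):
        print(f"ALERT: telnet session {hit['session']} from {hit['src']} "
              f"became privileged without authentication at {hit['ts']}")
```

Session 1 authenticates before becoming privileged and session 3 is not telnet, so only session 2 is reported.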
