Chiyu Fingerprint Access Control Device XSS Vulnerability (CVE-2015-2870)
Chiyu Fingerprint Access Control Device XSS Vulnerability (CVE-2015-2870)
Release date:
Updated on:
Affected Systems:
Chiyu Technology BF-660C
Description:
CVE (CAN) ID: CVE-2015-2870
The Chiyu BF-660C is a fingerprint access control device.
The implementation of the Chiyu BF-630, BF-630W, and BF-660C has a cross-site scripting security vulnerability that allows remote attackers to inject arbitrary Web scripts or HTML through SCRIPT elements.
<* Source: Maxim Rupp
Link: http://www.kb.cert.org/vuls/id/360431
*>
Suggestion:
Vendor patch:
Chiyu Technology
----------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.chiyu-t.com.tw/
This article permanently updates the link address: