Skip to main content

Jiofi 4G M2S Firmware

3 CVEs product

Monthly

CVE-2019-7440 MEDIUM POC This Month

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-7439 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.8%
CVE-2019-7438 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiofi 4G M2S Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
EPSS 2% CVSS 6.5
MEDIUM POC This Month

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jiofi 4G M2S Firmware
NVD Exploit-DB
EPSS 5% CVSS 6.5
MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jiofi 4G M2S Firmware
NVD Exploit-DB
EPSS 4% CVSS 6.1
MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiofi 4G M2S Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy