Skip to main content

Jmr1140 Firmware

3 CVEs product

Monthly

CVE-2019-7746 HIGH POC This Week

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
1.1%
CVE-2019-7745 CRITICAL POC Act Now

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2019-7687 MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jmr1140 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.6%
EPSS 1% CVSS 8.1
HIGH POC This Week

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jmr1140 Firmware
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jmr1140 Firmware
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jmr1140 Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy