JIO Jmr1140 Firmware : Security vulnerabilities, CVEs

Copy

CVE-2019-7746

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.

Max CVSS

8.1

EPSS Score

0.18%

Published

2019-05-07

Updated

2019-05-08

CVE-2019-7745

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.

Max CVSS

9.8

EPSS Score

0.85%

Published

2019-05-07

Updated

2020-08-24

CVE-2019-7687

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.

Max CVSS

6.1

EPSS Score

0.30%

Published

2019-05-07

Updated

2019-05-08

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!