JioFi 4G M2S 1.0.2 Denial Of Service

Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

CVE-2019-7440

Affected product: JioFi 4G M2S 1.0.2. Vulnerability: Cross-Site Request Forgery (CSRF) via the SSID name and Security Key field in Edit Wi‑Fi Settings (SetWiFi_Setting to cgi-bin/qcmap_web_cgi). Root cause: HTTP requests processed without proper validity checks enabling state-changing actions. Im...