Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Jmr1140 Firmware Security Vulnerabilities - February

cve
cve

CVE-2019-7687

cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.

6.1CVSS

6AI Score

0.003EPSS

2019-05-07 07:29 PM
26
cve
cve

CVE-2019-7745

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.

9.8CVSS

9.4AI Score

0.008EPSS

2019-05-07 07:29 PM
288
cve
cve

CVE-2019-7746

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.

8.1CVSS

8.1AI Score

0.002EPSS

2019-05-07 07:29 PM
34