# Exploit Title:- JioFi 4G Hotspot M2S 150 Mbps-Jio 4G Portable Wi-Fi Data Device – Buffer Overflow, Open Wireless Security – (PoC)
# Date:- 2018-07-26
# Vendor Homepage:- https://www.jio.com/
# Hardware Link:- https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version:-JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category:- Hardware
# Exploit Author:- Vikas Chaudhary
# Published on :- https://gkaim.com/cve-2018-15181-vikas-chaudhary/
# Contact:- https://gkaim.com/contact-us/
# Web: https://gkaim.com/
# Tested on:- Windows 10
# CVE:- CVE-2018-15181
*********************************
# Product Description => This Jio Router has some Special Features like-
4G features on 2G/3G smart phones
True 4G speed – download speed up to 150 Mbps and upload speed up to 50 Mbps
Make video and HD voice calls, audio and video conference, send SMS with Jio 4G voice app
Recommended to connect up to 10 Wi-Fi enabled devices (smartphone, laptops, tablets and even smart TVs) and soo on …

# Vulnerability Description=> Buffer overflow occurs when a program tries to store more data
in a temporary storage area than it can hold. Writing outside the allocated memory
area can corrupt the data, crash the program or cause the execution of malicious
code that can allow an attacker to modify the target process address space.

*********************************
Proof Of Concept:-
1- First Open BurpSuite
2- Make Intercept on
3 -Go to your Wifi Router Gateway and log in [i.e http://192.168.225.1 ]
4- Go To => Setting=> WiFi
6- In SSID type “Testing” and in Security Key type “12345678” .
6-Click on Apply
7- Burp will Capture the Intercepts.
8- Copy this code “o<x>nmouseover=alert<x>(1)// and paste it after the SSID name and Security Key (Rename Vikas chaudhary and 12345 to Code ) and Forward it.
9- You will see that your Net connection will lost and Router will shutdown and Restart..
9-The Router will RESTART and your SSID name will change to this “o<x>nmouseover=alert<x>(1)//
10- Now again go to Wifi router gateway and loged in
12-You will see that the SSID name and Security Key will be Blank
13-Again try to Change the SSID name – YOU CAN’T , If you force it to change , You have to OPEN Your Wireless Security and that is unsecure . (Open wifi=> Without Password)

***********************************
Solutions:
1- You have to Reboot your Router .
2- Login using default username and password => administrator
3- Change it as you want.