cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter-CVE-2019-7439


# Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage:
# Hardware Link:
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: Vikas Chaudhary
# Web:
# Tested on: Windows 10 X64- Firefox-65.0
# CVE-2019-7439
## Vulnerability Description :- A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
# Proof Of Concept:
1- First Open BurpSuite
2- Make Intercept on
3 -Go to your Wifi Router’s Gateway in Browser [i.e ] 4-Capture the data and then Spider the Host
5- Now You find a Link like this [ ] 6- Send it to repeter Now you will find parameter like this [ Page=GetWANInfo&mask=0&token=0 ] 7-Vulnerable parameter is => mash
8-Paste this PAYLOD in mask parameter and then show Response in browser
Payload =>

9-Now it will show => {“commit”:”Socket Connect Error”}
10– It Means Router is Completely Stopped ,
Vulnerable URL => Post Based => => mask parameter
You have to Remove your battery and then again insert it to make Normal.


Myself Vikash Chaudhary, I was interested in general knowledge since childhood, so I thought why not share my knowledge with you, that's why I created this educational blog. I am a Youtuber, Author, Blogger, Trader, Freelancer, and Security Analyst. I have experience of 7 years in Blogging and Trading. I have written 3 books which you can find on this website.Keep Loving and Supporting... Thank you.