Home > CVE > JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings-CVE-2019-7440

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings-CVE-2019-7440

jio-router-vulnerability-cve-2019-7440

# Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi)
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 X64- Firefox-65.0
# CVE-2019-7440
***********************************************************************
## Vulnerability Description :- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The issue is triggered when an unauthorized input passed via multiple POST and GET parameters are not properly sanitized
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context
of an affected site.
—————————————-
# Proof Of Concept:-PoC
1- First Open BurpSuite
2- Make Intercept on
3 -Go to your Wifi Router’s Gateway in Browser [i.e http://192.168.225.1 ]
4-Goto wifi edit section and click on apply
5-Now capture the data and generate CSRF PoC
6-Now Change the SSID name and Password (Security Key) According to you
7-Save it as .html and send it to Victim.
8-Victim’s profile will be changed according to you
——————-

Summary
Article Name=>
JioFi 4G M2S 1.0.2 Wifi Router's Vulnerability- CVE-2019-7440
Description=>
JioFi 4G M2S 1.0.2 devices have CSRF vulnerability via the SSID name and Security Key field under Edit Wi-Fi Settings
Author=>
Publisher Name=>
www.gkaim.com
Admin
Welcome Sir, .. Myself Vikas Chaudhary , i was interested in general knowledge since childhood , so i thought why not to share my knowledge with you, that's why i created this educational blog. Here you find world wide general knowledge of all Latest technology , Science & History Que , and Mysterious fact of the world. Here you also find knowledge about cyber security. Thanks for visit.. keep supporting....keep Loving
https://www.gkaim.com

Leave a Reply

%d bloggers like this: