Vulnerabilities > CVE-2019-7745 - Unspecified vulnerability in JIO Jmr1140 Firmware Amteljmr1140R12.07
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Exploit-Db
| id | EDB-ID:46364 |
| last seen | 2019-02-13 |
| modified | 2019-02-13 |
| published | 2019-02-13 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/46364 |
| title | Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure) |
References
- http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html
- https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html
- https://www.exploit-db.com/exploits/46364/
- http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html
- https://www.exploit-db.com/exploits/46364/
- https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html