CVE-2018-15181

MEDIUM

JioFi 4G Hotspot M2S Firmware - Denial of Service via XSS in SSID and Security Key Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15181. PoCs published by Vikas Chaudhary.

AI-analyzed exploit summary This PoC demonstrates a Denial of Service (DoS) vulnerability in JioFi 4G M2S routers by injecting malicious input into the SSID and Security Key fields, causing the router to restart and potentially leaving the WiFi network unsecured.

Description

JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields.

Exploits (1)

exploitdb WORKING POC

by Vikas Chaudhary · textdoshardware

https://www.exploit-db.com/exploits/45199

View Code ZIP pw:eip

This PoC demonstrates a Denial of Service (DoS) vulnerability in JioFi 4G M2S routers by injecting malicious input into the SSID and Security Key fields, causing the router to restart and potentially leaving the WiFi network unsecured.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: JioFi 4G Hotspot M2S 150 Mbps Wireless Router (Version 1.0.2)

Auth required

Prerequisites: Access to the router's admin interface · Burp Suite for intercepting requests

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45199/

Exploit, Third Party Advisory x_refsource_misc

https://gkaim.com/cve-2018-15181-vikas-chaudhary/

Scores

CVSS v3 6.5

EPSS 0.0528

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-79

Status published

Products (1)

jio/4g_hotspot_m2s_firmware

Published Aug 09, 2018

Tracked Since Feb 18, 2026