CVE-2019-7746

HIGH

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 - Info Disclosure

Title source: llm
STIX 2.1

Description

JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.

References (2)

Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46365/

Scores

CVSS v3 8.1
EPSS 0.0106
EPSS Percentile 60.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
jio/jmr1140_firmware amtel_jmr1140_r12.07
Published May 07, 2019
Tracked Since Feb 18, 2026