CVE-2019-7440

Name of the Vulnerable Software and Affected Versions JioFi 4G M2S version 1.0.2

Description The issue concerns a CSRF vulnerability that can be exploited via the SSID name and Security Key field under Edit Wi-Fi Settings. This is achieved through a SetWiFi Setting request to the "cgi-bin/qcmap web cgi" endpoint.

Recommendations For JioFi 4G M2S version 1.0.2, as a temporary workaround, consider restricting access to the Edit Wi-Fi Settings page to minimize the risk of exploitation. Avoid using the SSID name and Security Key fields in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.