CVE-2019-7746

Name of the Vulnerable Software and Affected Versions JioFi 4 jmr1140 Amtel JMR1140 R12.07

Description The issue allows remote attackers to obtain an admin token by making a "/cgi-bin/qcmap auth" type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.

Recommendations For JioFi 4 jmr1140 Amtel JMR1140 R12.07, as a temporary workaround, consider restricting access to the "/cgi-bin/qcmap auth" endpoint until a patch is available. Avoid using the type=getuser parameter in the affected API endpoint until the issue is resolved.