BugTraq
Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Jan 15 2010 04:12PM
Adam Baldwin (adam_baldwin ngenuity-is com) (1 replies)
Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Jan 16 2010 04:13PM
A. Ramos (aramosf unsec net) (1 replies)
Hello all,

Just another one: you can access to the configuration backup without
authentication at: /config.xml.sav

On Fri, Jan 15, 2010 at 17:12, Adam Baldwin
<adam_baldwin (at) ngenuity-is (dot) com [email concealed]> wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
> a built in GPS to provide location based searching.

>
> *1. Authentication not required.*

Regards,

--
Alejandro Ramos -- aka dab
http://www.securitybydefault.com

[ reply ]
Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Jan 16 2010 05:09PM
Adam Baldwin (adam_baldwin ngenuity-is com)


 

Privacy Statement
Copyright 2010, SecurityFocus