Full Disclosure: Re: Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

Re: Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

From: "A. Ramos" <aramosf () unsec net>
Date: Sat, 16 Jan 2010 17:13:22 +0100

Hello all,

Just another one: you can access to the configuration backup without
authentication at: /config.xml.sav

On Fri, Jan 15, 2010 at 17:12, Adam Baldwin
<adam_baldwin () ngenuity-is com> wrote:

The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
a built in GPS to provide location based searching.


*1. Authentication not required.*


Regards,

-- 
Alejandro Ramos -- aka dab
http://www.securitybydefault.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 15)
- Re: Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker A. Ramos (Jan 16)
  - Re: Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 16)