[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

Hello all,

Just another one: you can access to the configuration backup without
authentication at: /config.xml.sav

On Fri, Jan 15, 2010 at 17:12, Adam Baldwin
<adam_baldwin@xxxxxxxxxxxxxxx> wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
> a built in GPS to provide location based searching.

> *1. Authentication not required.*


Alejandro Ramos -- aka dab