full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Sprint / Verizon MiFi

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

From: A. Ramos <aramosf_at_nospam>
Date: Sat Jan 16 2010 - 16:13:22 GMT
To: Adam Baldwin <adam_baldwin@ngenuity-is.com>

Hello all,

Just another one: you can access to the configuration backup without authentication at: /config.xml.sav

On Fri, Jan 15, 2010 at 17:12, Adam Baldwin <adam_baldwin@ngenuity-is.com> wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
> a built in GPS to provide location based searching.

> *1. Authentication not required.*

Regards, -- Alejandro Ramos -- aka dab http://www.securitybydefault.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/