Bugtraq mailing list archives
Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker
From: "A. Ramos" <aramosf () unsec net>
Date: Sat, 16 Jan 2010 17:13:22 +0100
Hello all, Just another one: you can access to the configuration backup without authentication at: /config.xml.sav On Fri, Jan 15, 2010 at 17:12, Adam Baldwin <adam_baldwin () ngenuity-is com> wrote:
The MiFi by Novatel Wireless (re-branded and sold by multiple vendors such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has a built in GPS to provide location based searching.
*1. Authentication not required.*
Regards, -- Alejandro Ramos -- aka dab http://www.securitybydefault.com
Current thread:
- Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 15)
- Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker A. Ramos (Jan 18)
- Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker Adam Baldwin (Jan 18)
- Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker A. Ramos (Jan 18)