----------------------------------------------------------------------

TITLE:
Novatel MiFi Information Disclosure and Cross-Site Request Forgery

SECUNIA ADVISORY ID:
SA38269

VERIFY ADVISORY:
http://secunia.com/advisories/38269/

DESCRIPTION:
A security issue and a vulnerability have been reported in Novatel MiFi, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site request forgery attacks.

1) The device allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. modify certain settings.

Note: Reportedly, the authentication mechanism is not properly implemented. Additionally, it's reportedly possible to disclose a user's GPS position by e.g. tricking him into visiting a specially crafted website.

2) The device does not properly restrict access to the "config.xml.sav" file, which can be exploited to disclose potentially sensitive information by requesting the file directly.

Vulnerability #2 is reported in Novatel MiFi 2352 (Vodafone branding) with access point firmware 11.47.17, router firmware 012, and modem firmware 5.15.00.0-00 [2009-06-26 10:24:29]. Other devices and firmware versions may also be affected.

SOLUTION:
There is no known workaround at this time.

PROVIDED AND/OR DISCOVERED BY:
1) Adam Baldwin
2) Alejandro Ramos aka dab

ORIGINAL ADVISORY:
1) http://evilpacket.net/2010/jan/14/mifi-geopwn/
2) http://www.securitybydefault.com/2010/01/vulnerabilidad-en-modemrouter-3g.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
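The two issues in the DESCRIPTION above leave traces in the device's HTTP access log: a successful fetch of "config.xml.sav" (issue 2) and settings requests whose Referer points at a third-party site rather than the device itself (issue 1). The following detector is an added example, not part of the Secunia advisory or the original researchers' work; the log format, the device address 192.168.1.1, the settings paths and the sample lines are all constructed assumptions.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Assumed log format: '<client> "<METHOD> <path> HTTP/x.y" <status> "<referer>"'
LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) HTTP/[\d.]+" (\d{3}) "([^"]*)"$')
DEVICE_HOSTS = {"192.168.1.1"}        # assumption: the MiFi's own LAN address
SENSITIVE_FILES = {"config.xml.sav"}   # file named in the advisory
SETTINGS_PATHS = ("/cgi-bin/", "/settings")  # assumed state-changing endpoints

Finding = NamedTuple("Finding", [("client", str), ("path", str), ("reason", str)])

def referer_host(referer: str) -> Optional[str]:
    """Host part of a Referer URL, or None when the header is absent or empty."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname

def analyse(line: str) -> Optional[Finding]:
    """Return a Finding for a single log line, or None if it looks benign."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, method, path, status, referer = m.groups()
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    # Issue 2: the saved configuration was served to a direct request.
    if name in SENSITIVE_FILES and status.startswith("2"):
        return Finding(client, path, "config backup served (information disclosure)")
    # Issue 1: a settings change whose Referer is missing or not the device
    # itself is the signature of a cross-site request.
    state_changing = method == "POST" or path.startswith(SETTINGS_PATHS)
    if state_changing:
        host = referer_host(referer)
        if host is None or host not in DEVICE_HOSTS:
            return Finding(client, path, f"settings request without same-device Referer ({host!r}), possible CSRF")
    return None

def scan(lines):
    """Run analyse() over an iterable of log lines and keep the findings."""
    return [f for f in (analyse(l) for l in lines) if f]

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.1.10 "GET /index.html HTTP/1.1" 200 "-"',
    '192.168.1.10 "GET /config.xml.sav HTTP/1.1" 200 "-"',
    '192.168.1.10 "POST /cgi-bin/settings.cgi HTTP/1.1" 200 "http://192.168.1.1/settings.html"',
    '192.168.1.10 "POST /cgi-bin/settings.cgi HTTP/1.1" 200 "http://third-party.example/page"',
    '192.168.1.10 "GET /settings?gps=on HTTP/1.1" 200 "-"',
]
```

Running `scan(SAMPLE_LOG)` flags the config fetch and the two settings requests that did not originate from the device's own pages, while the legitimate same-device POST passes.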