ID

VAR-201001-0324


TITLE

Novatel MiFi Web Interface Information Disclosure and Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-3542

DESCRIPTION

Novatel MiFi is a small 3G Wi-Fi access device. Novatel MiFi allows users to perform certain operations via HTTP requests without checking the validity of those requests, which may result in cross-site request forgery attacks. Novatel MiFi also does not properly restrict access to the config.xml.sav file, so users can request the file and read sensitive information directly. MiFi 2352 is prone to an information-disclosure vulnerability that may expose sensitive information. Successful exploits will allow authenticated attackers to obtain passwords, which may aid in further attacks. MiFi 2352 access point firmware 11.47.17 is vulnerable; other versions may also be affected.

Trust: 0.81

sources: CNVD: CNVD-2010-3542 // BID: 37962

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-3542

AFFECTED PRODUCTS

vendor: mifi, model: novatel, scope: eq, version: 2352

Trust: 0.6

vendor: novatel, model: wireless mifi access point, scope: eq, version: 235211.47.17

Trust: 0.3

vendor: novatel, model: wireless mifi access point, scope: eq, version: 220011.47.17

Trust: 0.3

sources: CNVD: CNVD-2010-3542 // BID: 37962

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2010-3542
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2010-3542
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2010-3542

THREAT TYPE

network

Trust: 0.3

sources: BID: 37962

TYPE

Design Error

Trust: 0.3

sources: BID: 37962

EXTERNAL IDS

db: BID, id: 37962

Trust: 0.9

db: CNVD, id: CNVD-2010-3542

Trust: 0.6

sources: CNVD: CNVD-2010-3542 // BID: 37962

REFERENCES

url: http://www.securityfocus.com/bid/37962

Trust: 0.6

url: http://www.novatelwireless.com/

Trust: 0.3

url: http://www.securitybydefault.com/2010/01/vulnerabilidad-en-modemrouter-3g.html

Trust: 0.3

sources: CNVD: CNVD-2010-3542 // BID: 37962

CREDITS

Alejandro Ramos

Trust: 0.3

sources: BID: 37962

SOURCES

db: CNVD, id: CNVD-2010-3542
db: BID, id: 37962

LAST UPDATE DATE

2022-05-17T02:06:09.132000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-3542, date: 2010-01-15T00:00:00
db: BID, id: 37962, date: 2011-03-09T15:17:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-3542, date: 2010-01-15T00:00:00
db: BID, id: 37962, date: 2010-01-17T00:00:00