ID
VAR-201001-0326
TITLE
Novatel MiFi web interface information disclosure and cross-site request forgery vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2010-0149
DESCRIPTION
Novatel MiFi is a small 3G wifi access device. Novatel MiFi allows users to perform certain operations via HTTP requests without performing a validity check, which may result in cross-site request forgery attacks. Novatel MiFi does not properly restrict access to the config.xml.sav file, and users can request the file to read sensitive information directly.
Trust: 0.6
sources:
CNVD: CNVD-2010-0149
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2010-0149
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2010-0149
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2010-0149 | Trust: 0.6 |
sources:
CNVD: CNVD-2010-0149
SOURCES
| db: | CNVD | id: | CNVD-2010-0149 |
LAST UPDATE DATE
2022-05-04T09:24:36.874000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-0149 | date: | 2010-01-26T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-0149 | date: | 2010-01-26T00:00:00 |