
The Novatel Wireless device sold by both Verizon Wireless and Sprint as the MiFi 2200 is a mobile hotspot with built-in GPS, cool enough for a little mobile device. But wait, don't just glance at the features. Let's face the bugs.
Evil Packet wrote about this:
The MiFi does not require a valid session to commit changes to configuration settings. This makes exploiting the below issues a lot easier when you don’t have to require that the victim have a valid session.
The web interface does not validate referrer or use any magical tokens to protect against CSRF. This means that we can have a victim visit our malicious website and do evil things like change the wireless settings of the MiFi.
In multiple locations of the MiFi web interface user input is not properly encoded when output back to the user. One interesting location is the key field for the wifi settings. I’m wondering why the hell somebody thought it was a good idea to print the wifi key in clear text back to the user, and in this case it’s not properly encoded either giving us a nice 63 character persistent injection point for script.
Via Evil Packet
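The three issues quoted above map to three server-side checks. The sketch below is an added example, not code from Evil Packet or from the MiFi firmware; every function and variable name in it is hypothetical, and it assumes a simple in-memory session store.

```python
import hashlib
import hmac
import html
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-boot secret, never sent to the client
SESSIONS = set()                      # session ids issued after a successful login


def new_session():
    """Create a session id, as a login handler would after authentication."""
    sid = secrets.token_hex(16)
    SESSIONS.add(sid)
    return sid


def csrf_token(sid):
    """Token bound to the session, embedded as a hidden field in the settings form."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def apply_wifi_settings(store, sid, token, key):
    """Commit a new Wi-Fi key only for a live session presenting a matching token."""
    if sid not in SESSIONS:
        return 401, "login required"   # issue 1: no config change without a session
    supplied = (token or "").encode()
    if not hmac.compare_digest(supplied, csrf_token(sid).encode()):
        return 403, "bad CSRF token"   # issue 2: a cross-site form post fails here
    if not 8 <= len(key) <= 63:        # WPA passphrase length limits
        return 400, "key must be 8-63 characters"
    store["wifi_key"] = key
    return 200, "saved"


def render_key_field(store, reveal=False):
    """Issue 3: do not echo the key by default, and encode it whenever it is shown."""
    value = store.get("wifi_key", "") if reveal else ""
    return '<input name="key" value="%s">' % html.escape(value, quote=True)
```

The token is derived from the session id, so a page on another origin cannot supply a valid one, and the key field stays inert markup whatever characters the stored key contains.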
Tags: Novatel Mifi Mobile Hotspot, released with a bunch of bugs?