Novatel Wireless MiFi 2352 - Password Information Disclosure

Author: Alejandro Ramos
type: remote
platform: hardware
port: 
date_added: 2010-01-17  
date_updated: 2014-05-29  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 33568.txt  

source: https://www.securityfocus.com/bid/37962/info

MiFi 2352 is prone to an information-disclosure vulnerability that may expose sensitive information.

Successful exploits will allow authenticated attackers to obtain passwords, which may aid in further attacks.

MiFi 2352 access point firmware 11.47.17 is vulnerable; other versions may also be affected.

The following example URIs are available:

http://www.example.com/config.xml.sav
http://www.example.com/config.xml.save