Posted by Luke Walker on Jan 14

Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection

[*] Overview

Sierra Wireless produces a mobile wi-fi hotspot device that is popular
amongst telecommunication companies for re-branding to suit local markets.

The AirCard 760S/762S/763S Web-based Administrative Console suffers from a
HTTP header injection that allows an attacker to inject a file into the
HTTP response from the device.

[*] Description

The configuration…