
Security researchers have discovered a slew of vulnerabilities affecting 4G hotspots from ZTE, and the company hasn't provided fixes for all of the affected devices.
The security flaws could allow a potential hacker to redirect traffic from the hotspot to other malicious websites, researchers said.
The vulnerabilities were disclosed on Saturday at Defcon, an annual hacking conference in Las Vegas.
A Pen Test Partners researcher who goes by the handle "Dave Null" described ZTE's security issues at length, as well as his concerns with how the Chinese phone company responded to the disclosure.
Null said that the vulnerabilities were simple to pull off -- an attacker only needed the victim to visit a malicious website using one of ZTE's hotspots.
The researcher found a model of hotspots were disclosing the device's passwords when a website's code requested it.