Movistar’s most popular fiber router has a significant vulnerability. The HGU model is affected by a Cross-Site Scripting (XSS) security flaw. An attacker can exploit this type of vulnerability to inject malicious JavaScript code that runs in the browser on our computer. This could allow an intruder to access our network and thereby gain access to connected devices.
An XSS vulnerability affects Movistar’s HGU router
It is one of the most used models among fiber optic customers. The flaw specifically affects the HGU RTF8115VW model manufactured by Askey; Movistar has several similar-looking models. This is the most recent, so if you have contracted fiber with this operator or its O2 subsidiary in recent months, it is very likely that you are affected.
How does this problem work? It occurs when visiting a URL of the router's access interface: the form where we enter the username and password to get into the configuration and change the Wi-Fi password, the name of the network, etc. Movistar’s HGU router is a widely used model, so a flaw like this can affect many customers.
According to the user bokanrb on GitHub, this security flaw was discovered five months ago, last February, and has not yet been corrected. There he shows how this vulnerability works and how a hypothetical attacker could take advantage of it and put our security at risk.
How to know if the router is affected
An attacker can use the URL http://192.168.1.1/cgi-bin/te_acceso_router.cgi?curWebPage=/settings-internet.asp";alert('xss')//&loginUsername=admin&loginPassword=admin
where 192.168.1.1 would be the default gateway used to access the router and alert('xss') would be the JavaScript code that gets executed. The username and password parameters can contain any value, since these are not validated.
If our device is affected by this vulnerability, which is to be expected if we use the RTF8115VW model of the Movistar HGU router, a dialog box will appear when we put that URL in the browser.
In this way, an attacker could execute malicious code on our computer once they get us to visit the URL with the bug. With that, they could sneak in malware, get into our devices, steal information…
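Why the value in the URL above breaks out of the page, as an added example that is not from the original article or from the router's firmware: it models a login page that copies curWebPage into a double-quoted JavaScript string (an assumption based on the shape of the payload) and compares it with an encoded and an allow-listed version. The function names and the list of allowed pages are hypothetical.

```javascript
// Added example: a constructed model of the bug class, not the router's code.
// Assumption: curWebPage is reflected inside a double-quoted JS string.

// Hypothetical allow-list of pages the login form may send the user to.
const ALLOWED_PAGES = new Set(['/settings-internet.asp', '/index.asp']);

// Vulnerable pattern: the raw parameter is concatenated into inline script.
function renderVulnerable(curWebPage) {
  return '<script>var nextPage = "' + curWebPage + '";</script>';
}

// Encode a value as a JS string literal that is safe inside <script>.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))   // escapes " and \ and newlines
    .replace(/</g, '\\u003c')            // stops a </script> breakout
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// Encoding only: the value is kept, but it can no longer leave the string.
function renderEncoded(curWebPage) {
  return '<script>var nextPage = ' + jsStringLiteral(curWebPage) + ';</script>';
}

// Hardened: unknown pages fall back to a fixed default, then get encoded.
function renderHardened(curWebPage) {
  const page = ALLOWED_PAGES.has(curWebPage) ? curWebPage : '/index.asp';
  return renderEncoded(page);
}

// Run the script body with a stub alert() and report whether it was called.
function alertFired(html) {
  const body = html.replace(/^<script>/, '').replace(/<\/script>$/, '');
  let fired = false;
  new Function('alert', body)(() => { fired = true; });
  return fired;
}

// The curWebPage value from the URL above, after URL decoding.
const payload = '/settings-internet.asp";alert(\'xss\')//';

console.log('vulnerable:', alertFired(renderVulnerable(payload)));
console.log('encoded:   ', alertFired(renderEncoded(payload)));
console.log('hardened:  ', alertFired(renderHardened(payload)));
```

In the vulnerable version the quote in the parameter closes the string early, the injected statement runs, and the trailing // comments out the leftover quote; the encoded and hardened versions keep the whole value inside the string or replace it with a known page.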
The vulnerability has been registered as CVE-2021-27403. At the time of writing this article, it has not yet been resolved, but it is expected that updates will be released soon to fix it. That is why we always recommend having the latest versions of the devices. Updating the router is essential to maintain security.
In short, one of the most widely used fiber optic routers today has a major security flaw. At the moment it has not been corrected, and those who have recently contracted fiber with Movistar or with O2 are very likely to have the HGU RTF8115VW model, manufactured by Askey, and should be aware of it to avoid problems that affect the network.