An XSS vulnerability affects Movistar’s HGU router
It is one of the most used models by fiber optic customers. It specifically affects the HGU RTF8115VW model manufactured by Askey, since Movistar has several similar-looking models. This is the most recent, so if you have contracted fiber with this operator or its O2 subsidiary in recent months, it is very likely that you are affected.
How does this problem work? This occurs when visiting a URL with the access interface to the router. Basically the form with which we put the username and password to enter the configuration and be able to change the Wi-Fi password, the name of the network, etc. Movistar’s HGU router is a widely used model and such a failure can affect many clients.
According to the user bokanrb on GitHub , this security flaw was discovered five months ago, last February, and has not yet been corrected. There he shows how this vulnerability works and how a hypothetical attacker could take advantage of it and put our security at risk.
How to know if the router is affected
An attacker can use the URL
In case our device is affected by this vulnerability, which will be normal if we use the RTF8115VW model of the Movistar HGU router, a dialog box will appear when we put that URL in the browser.
In this way, through this technique a possible attacker could execute malicious code on our computer. It does this after it gets us to visit the URL with the bug. Logically with this it could sneak malware, enter our devices, steal information …
The vulnerability has been registered as CVE-2021-27403 . At the time of writing this article, it has not yet been resolved, but it is expected that updates will be released soon to be able to solve it. That is why we always recommend having the latest versions of the devices. Updating the router is essential to maintain security.
In short, one of the most widely used fiber optic routers today has a major security flaw. At the moment it has not been corrected and those who have recently contracted fiber with Movistar or with O2 are very likely to have the HGU RTF8115VW model, manufactured by Askey, and should be aware to avoid problems that affect the network.