Internet

They discover a failure in the Movistar router; that’s how it affects you

Deepak GuptaJuly 27, 2021
0

An XSS vulnerability affects Movistar’s HGU router

It is one of the models most used by fiber optic customers. It specifically affects the model HGU RTF8115VW manufactured by Askey, since Movistar has several similar-looking models. This is the most recent, so if you have contracted fiber with this operator or its subsidiary O2 in recent months, it is very likely that you are affected.

How does this problem work? This occurs when visit a url with the access interface to the router. Basically the form with which we put the username and password to enter the configuration and be able to change the Wi-Fi password, the name of the network, etc. The Movistar HGU router is a widely used model and such a failure can affect many clients.

According to the user bokanrb on GitHub, this security flaw was discovered five months ago, last February, and has not yet been corrected. There it shows how this vulnerability works and how a hypothetical attacker could take advantage of it and put our security at risk.

How to know if the router is affected

An attacker can use the URL http://192.168.1.1/cgi-bin/te_acceso_router.cgi?curWebPage=/settings-internet.asp";alert('xss')//&loginUsername=admin&loginPassword=admin where 192.168.1.1 would be the default gateway to access the router and alert (‘xss’) would be the JavaScript code it would execute. The name and password part would contain any value, since these are not validated.

In the event that our device is affected by this vulnerability, which will be normal if we use the RTF8115VW model of the Movistar HGU router, a dialog box by putting that url in the browser.

In this way, through this technique a possible attacker could execute malicious code in our team. It does this after it gets us to visit the URL with the bug. Logically with this it could sneak malware, enter our devices, steal information …

Movistar HGU router failure

The vulnerability It has been registered as CVE-2021-27403. At the time of writing this article it has not yet been resolved, but it is expected that updates will be released soon to be able to solve it. That is why we always recommend having the latest versions of the devices. Updating the router is essential to maintain security.

In short, one of the most widely used fiber optic routers today has a major security flaw. At the moment it has not been corrected and those who have recently contracted fiber with Movistar or with O2 are very likely to have the HGU RTF8115VW model, manufactured by Askey, and should be aware to avoid problems that affect the network.

We have other articles that may interest you:
  1. Could they spoof facial recognition? Discover the consequences
  2. Why the router is blinking: know the signals it emits
  3. DV certificates: why they are a weapon for cybercriminals
  4. Looking for a router to work with? These functions must have
  5. Discover the professional alarm from Ajax Systems in our unboxing
  6. Change router or buy a repeater to improve Wi-Fi?
Deepak GuptaJuly 27, 2021
0

Related Articles

So you can get the most out of your solar panels with Home Assistant

April 5, 2023

All this tells you that your router is not working well

March 29, 2022

Dangerous and unknown attacks to control your mobile

May 24, 2022

5 dangers of using Wi-Fi away from home

January 26, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *