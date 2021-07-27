User bokanrb, from GitHub, found one serious vulnerability in the Movistar HGU router, one of the most used computers in Spain to access the internet. As he explains, it is a cross-site scripting vulnerability (Cross-Site Scripting), better known as XSS. We are talking about a very serious security hole that could facilitate, for example, the theft of personal data remotely.

Basically, an XSS vulnerability allows inject JavaScript code in devices to manipulate them in different ways. Generally, this flaw is exploited to steal authentication data, among other illegal activities. The person responsible for the discovery specifies that the security hole is present in the model RTF8115VW, manufactured by Askey. The software version, for its part, is BR_SV_g11.11_RTF_TEF001_V6.54_V014.

Bokanrb describes that the vulnerability is found on the web management system of the Movistar HGU router. When entering data in the address bar, the system does not validate it and returns it as embedded HTML. Therefore, it would be possible to execute JavaScript code in a simple way. One way to check if your router is among the affected models is to make a GET request to display an alert in the browser.

Movistar’s HGU router has been exposed for 5 months

According to Broadband.EuThis is the router that Movistar has installed in recent months for its fiber optic customers. Perhaps the most worrying thing about the situation is that the user disclosed the vulnerability since last February. Namely, the security breach has five months without solution, a fairly long period in which the safety of many people has been compromised. Although Movistar’s HG router has received several updates since then, none have solved the problem.

The security team of Movistar indicates that it is investigating the case and they will offer more information soon. As this is a serious vulnerability in your router, it would be best if they provide a software update as quickly as possible. Of course, since so much time has passed since the discovery of the failure, it is not ruled out that some attackers have exploited the hole with the help of phishing.