CVE-2021-27403

MEDIUM

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Cross-Site Scripting via curWebPage Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27403. PoCs published by bokanrb.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated Cross-Site Scripting (XSS) vulnerability in Askey RTF8115VW modems. The exploit leverages the 'curWebPage' parameter in both GET and POST requests to inject malicious JavaScript payloads without requiring valid credentials.

Description

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.

Exploits (1)

nomisec WORKING POC 13 stars
by bokanrb · poc
https://github.com/bokanrb/CVE-2021-27403


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Askey RTF8115VW with firmware BR_SV_g11.11_RTF_TEF001_V6.54_V014
No auth needed
Prerequisites: Network access to the vulnerable modem · A web browser or tool to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/bokanrb/XSS-Askey

Scores

CVSS v3 6.1
EPSS 0.0123
EPSS Percentile 65.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (1)
asus/askey_rtf8115vw_firmware br_sv_g11.11_rtf_tef001_v6.54_v014
Published Feb 19, 2021
Tracked Since Feb 18, 2026