DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Root from the parking lot: OpenWRT XSS through SSID scanning (CVE-2026-32721)

Quality: 8/10 Relevance: 9/10

Summary

OpenWrt LuCI’s wireless scan UI is vulnerable to a crafted SSID that injects HTML via innerHTML, enabling XSS in an admin session. The attacker can escalate to remote root access, with a CVSS v3.1 score of 8.6; OpenWrt has patched the issue in newer releases, and downstream vendors may need updates to mitigate risk.

🚀 Service construit par Johan Denoyer