Rooting OpenWRT from the parking lot: I discovered an XSS in the OpenWRT SSID scan page that can be chained to remote root access 👾
Write-up and demo: https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
CVE-2026-32721, fixed in 24.10.6 / 25.12.1

@sash
Thanks for the heads up! I frequent the forums but it's been a couple of days since my last visit so I missed this one. It seems the release was announced 17h ago.

Now, if this was found in a commercial router firmware, how quickly would you guess there'd be a fix available?

I'd say weeks, or maybe months.

edit: hashtag for better reach #OpenWRT