Platform: linux
Component: luci
Fixed in: 24.10.7, 25.12.1
CVE-2026-32721 describes a stored Cross-Site Scripting (XSS) vulnerability in LuCI, the OpenWrt Configuration Interface. It allows an attacker to inject JavaScript into the web interface, potentially leading to session hijacking or defacement. The issue affects versions prior to 24.10.5 and versions below 25.12.1. A fix has been released in version 26.072.65753~068150b.
An attacker can exploit this vulnerability by broadcasting a crafted SSID on a nearby Wi-Fi network. When a user opens the wireless scan modal in LuCI (for example to connect to a Wi-Fi network or survey nearby networks), the SSID, which carries embedded JavaScript, is rendered as raw HTML rather than as text. The attacker's JavaScript then runs in the user's browser context and can steal session cookies, redirect the user to a malicious website, or alter the appearance of the LuCI interface. The impact is particularly severe because LuCI is the component that manages an OpenWrt device's configuration, so successful exploitation could give an attacker control over the device and potentially the network it serves.
This vulnerability was publicly disclosed on 2026-03-19. No active exploitation campaigns have been publicly reported, but the ease of exploitation and the widespread use of OpenWrt devices make it a potential target. The vulnerability is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the XSS nature of the vulnerability and the availability of OpenWrt's source code.
OpenWrt users running versions prior to 24.10.5 or below 25.12.1 are at risk. This includes home users, small businesses, and organizations relying on OpenWrt routers for network management. Shared hosting environments that use OpenWrt routers for customer access are particularly exposed, since a compromised router could affect multiple users.
• linux / server: journalctl -u luci -g "SSID injection"
• linux / server: grep -r "dom.append" /usr/lib/luci/modules/network/luci-mod-network/wireless.js
• generic web: curl -I http://<openwrt_ip>/cgi-bin/luci/admin/network/wireless/scan | grep Content-Type
Note that stock OpenWrt runs procd with logread rather than systemd, so the journalctl check only applies to hosts that run LuCI under systemd.
Exploit status
EPSS: 0.01% (percentile 1%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-32721 is to upgrade LuCI to version 26.072.65753~068150b or later. Before upgrading, back up your OpenWrt configuration so that a rollback is available if something goes wrong. If a direct upgrade is not possible because of compatibility concerns, consider temporarily disabling the wireless scan functionality in LuCI by modifying the configuration file, or use a firewall rule to block access to the relevant endpoint. After upgrading, verify the fix by attempting to connect to a Wi-Fi network with a specially crafted SSID containing basic HTML tags and confirming that they are rendered as escaped text.
Update LuCI to version 26.072.65753~068150b or later. If updating is not possible, apply the patches provided in the GitHub commits listed in the CVE references. This fixes the XSS vulnerability in the Wi-Fi scan modal.
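As an added illustration (not LuCI's code and not the patched code from the referenced commits) of the bug class described above and of the sanitisation check suggested after upgrading, the following JavaScript contrasts an unescaped scan-row renderer with an escaped one and adds a defensive check that flags SSIDs carrying markup; the sample scan data and all function names are constructed.

```javascript
// Added example, not LuCI's own code: the bug class behind CVE-2026-32721 and the
// hardened rendering. Sample scan data and all function names are constructed.

// Constructed scan results, shaped like what a scan modal might receive.
const SAMPLE_SCAN = [
  { ssid: 'HomeNet', bssid: '00:11:22:33:44:55', signal: -52 },
  { ssid: 'Cafe & Bar "Main"', bssid: '66:77:88:99:aa:bb', signal: -70 },
  { ssid: '<b>Free Wi-Fi</b>', bssid: 'cc:dd:ee:ff:00:11', signal: -61 },
];

// Escape the five characters that matter in an HTML text or attribute context.
// '&' is replaced first so already-escaped output is not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the SSID goes into markup verbatim, so the browser parses
// an SSID like '<b>Free Wi-Fi</b>' as HTML instead of showing it as text.
function renderRowUnsafe(net) {
  return `<tr><td>${net.ssid}</td><td>${net.bssid}</td><td>${net.signal} dBm</td></tr>`;
}

// Hardened pattern: every field that came over the air is escaped first. In DOM
// code the equivalent is textContent / createTextNode rather than innerHTML.
function renderRowSafe(net) {
  return `<tr><td>${escapeHtml(net.ssid)}</td><td>${escapeHtml(net.bssid)}</td>` +
         `<td>${escapeHtml(net.signal)} dBm</td></tr>`;
}

// Defensive check usable on the backend or in a log pipeline: report SSIDs that
// carry HTML metacharacters or exceed the 802.11 SSID limit of 32 bytes.
function flagSuspiciousSsids(scan) {
  return scan
    .filter(n => /[<>"'&]/.test(n.ssid) || Buffer.byteLength(n.ssid, 'utf8') > 32)
    .map(n => n.ssid);
}

// Stand-alone run: show both renderings and the flagged entries.
for (const net of SAMPLE_SCAN) {
  console.log('unsafe:', renderRowUnsafe(net));
  console.log('safe:  ', renderRowSafe(net));
}
console.log('flagged:', flagSuspiciousSsids(SAMPLE_SCAN));
```

The benign "Cafe & Bar" entry shows that escaping preserves legitimate SSIDs with special characters, whereas rejecting them outright would break real networks.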
CVE-2026-32721 is a stored XSS vulnerability in OpenWrt's LuCI interface that lets attackers inject JavaScript via crafted SSIDs shown in wireless scan results. It affects versions prior to 24.10.5 and versions below 25.12.1.
You are affected if you are running OpenWrt LuCI versions ≤25.12.0 or <25.12.1. Check your version and upgrade immediately to mitigate the risk.
Upgrade LuCI to version 26.072.65753~068150b or later. Back up your configuration before upgrading, and consider temporarily disabling the wireless scan if upgrading is not immediately possible.
No active exploitation campaigns have been publicly confirmed, but the vulnerability's ease of exploitation makes it a potential target. Monitor your systems for suspicious activity.
Refer to the official OpenWrt security advisory for detailed information and updates: https://lists.openwrt.org/pipermail/openwrt-security/2026-03/000003.html