CVE-2021-32019

Name of the Vulnerable Software and Affected Versions OpenWrt versions prior to 19.07.8

Description The issue is related to missing input validation of host names displayed in OpenWrt, which allows for XSS attacks on the Connection Status page of the luci web-interface. This can be exploited to gain full control over the affected system via ICMP. The vulnerability is associated with a lack of protection measures for the web page structure, enabling a remote attacker to conduct an inter-site scripting attack.

Recommendations For OpenWrt versions prior to 19.07.8, update to version 19.07.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Connection Status page of the luci web-interface to minimize the risk of exploitation.