That LuCI injection never applied to vanilla OpenWrt, it targets an insecure vendor customization. See also Meaning of the "cgi-bin" command - #4 by lleachii for another such example. Vendors love to hack LuCI and adding textbook vulnerabilities to it.
3 Likes