Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-38315
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-17 Nov, 2023 | 06:15
Updated At-20 Jun, 2024 | 18:15

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

opennds
opennds
>>captive_portal>>Versions before 10.1.2(exclusive)
cpe:2.3:a:opennds:captive_portal:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/openNDS/openNDS/releases/tag/v10.1.2cve@mitre.org
Release Notes
Vendor Advisory
https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80cve@mitre.org
N/A
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbscve@mitre.org
N/A
Hyperlink: https://github.com/openNDS/openNDS/releases/tag/v10.1.2
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
Source: cve@mitre.org
Resource: N/A
Change History
0Changes found

Details not found