CVE-2023-38317

2024-01-2600:00:00

mitre

www.cve.org

opennds

configuration file

arbitrary os commands

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

38.2%

JSON

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

References

github.com/openNDS/openNDS/blob/master/ChangeLog

github.com/openNDS/openNDS/releases/tag/v10.1.3

openwrt.org/docs/guide-user/services/captive-portal/opennds

www.forescout.com/resources/sierra21-vulnerabilities