Lucene search

K

MitreCVELIST:CVE-2023-38324

HistoryNov 17, 2023 - 12:00 a.m.

CVE-2023-38324

2023-11-1700:00:00

mitre

www.cve.org

2

opennds

authentication bypass

fas

EPSS

0.001

Percentile

32.2%

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

References

cwe.mitre.org/data/definitions/1390.html

github.com/openNDS/openNDS/blob/master/ChangeLog

github.com/openNDS/openNDS/releases/tag/v10.1.2

github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80

openwrt.org/docs/guide-user/services/captive-portal/opennds

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

www.forescout.com/resources/sierra21-vulnerabilities

EPSS

0.001

Percentile

32.2%

Related for CVELIST:CVE-2023-38324

ubuntucve1 osv1 prion1 cve1 nvd1 debiancve1