DEBIAN-CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

DEBIAN-CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...

DEBIAN-CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a trytoauthenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Service...

DEBIAN-CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

UBUNTU-CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...

UBUNTU-CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

UBUNTU-CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. The issue...

UBUNTU-CVE-2023-41102

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenW...

CVE-2023-41101

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. getquery in httpmicrohttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions...

CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt...

CVE-2023-41102

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenW...

The vulnerability in the web interface of the LuCI, a built-in operating system called OpenWrt, allows attackers to execute cross-site scripting attacks.

The vulnerability in the LuCI web interface of the embedded operating system OpenWrt is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt, related to the lack of security measures for the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of the LuCI interface in the embedded operating system OpenWrt, which allows a hacker to perform XSS attacks.

The vulnerability of the LuCI interface in the embedded operating system OpenWrt is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the LuCI web interface in the embedded operating system OpenWrt allows attackers to perform cross-site scripting attacks.

The vulnerability of the LuCI web interface in the embedded operating system OpenWrt is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The Rising Diicot Threat Group with Diverse Attack Capabilities

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A Romanian threat group “Diicot” has been actively employing SSH bruteforcing and deploying malware loaders to compromise systems for the purpose of cryptocurrency mining. The campaign involves exploitin...

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service DDoS attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime...

OpenWrt LuCI 跨站脚本漏洞

OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability exists in OpenWrt LuCI 22.10b202303061504 and earlier versions, which stems from vulnerability to cross-site scripting XSS attacks...

CVE-2023-24182

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /system/sshkeys.js...

CVE-2023-24182

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /system/sshkeys.js...