CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

DEBIAN-CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

UBUNTU-CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. The issue...