Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Captive Portal Security Vulnerabilities - 2023

cve
cve

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-17 06:15 AM
15
cve
cve

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servi...

6.5CVSS

6.4AI Score

0.001EPSS

2023-11-17 06:15 AM
16
cve
cve

CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service con...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-17 06:15 AM
17
cve
cve

CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt mast...

9.8CVSS

9.8AI Score

0.001EPSS

2023-11-17 06:15 AM
26
cve
cve

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-17 06:15 AM
16
cve
cve

CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-17 06:15 AM
17
cve
cve

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and Open...

5.3CVSS

5.2AI Score

0.001EPSS

2023-11-17 06:15 AM
20