Lucene search
K
OpenndsCaptive Portal

7 matches found

CVE
CVE
added 2023/11/17 12:0 a.m.62 views

CVE-2023-38316

Summary: CVE-2023-38316 affects OpenNDS Captive Portal prior to v10.1.2. When the custom unescape callback is enabled, an attacker can execute arbitrary OS commands by placing them in the URL portion of HTTP GET requests. The issue is fixed in OpenNDS to v10.1.3, with patches in OpenWrt master, O...

9.8CVSS9.8AI score0.01083EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.52 views

CVE-2023-38324

CVE-2023-38324 affects OpenNDS before 10.1.2, where a vulnerability in the FAS configuration allows users to skip the splash page and directly authenticate using the default FAS key. A fix was released by updating to OpenNDS 10.1.3; OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03 include this up...

5.3CVSS5.2AI score0.00685EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.49 views

CVE-2023-38313

CVE-2023-38313 affects OpenNDS Captive Portal prior to 10.1.2. A NULL pointer dereference in do_binauth can be triggered by a crafted GET request with a missing client redirect parameter, leading to Denial-of-Service (crash) when BinAuth is enabled. A fix is available: OpenNDS 10.1.3; updates wer...

7.5CVSS7.4AI score0.00956EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.43 views

CVE-2023-38320

CVE-2023-38320 describes a NULL pointer dereference in OpenNDS Captive Portal before 10.1.2. A crafted GET request with a missing User-Agent header can trigger this, leading to a Denial-of-Service (OpenNDS crash). The issue has a concrete fix: OpenNDS was updated to version 10.1.3, and patches we...

7.5CVSS7.4AI score0.00956EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.42 views

CVE-2023-38315

OpenNDS Captive Portal (before 10.1.2) is affected by a NULL pointer dereference in try_to_authenticate triggered by a crafted GET with a missing client token parameter, leading to a Denial-of-Service (crash). A fix is available: update OpenNDS to 10.1.3, which was applied in OpenWrt master, Open...

7.5CVSS7.4AI score0.00964EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.41 views

CVE-2023-38314

CVE-2023-38314 affects OpenNDS Captive Portal before version 10.1.2, where a NULL pointer dereference in preauthenticated() can be triggered by a crafted GET request with a missing redirect query string parameter, causing a Denial-of-Service. The issue is mitigated by updating OpenNDS to version ...

6.5CVSS6.4AI score0.00935EPSS
CVE
CVE
added 2023/11/17 12:0 a.m.38 views

CVE-2023-38322

CVE-2023-38322 affects OpenNDS Captive Portal prior to 10.1.2. A do_binauth NULL pointer dereference can be triggered by a crafted GET request with a missing User-Agent header, causing a Denial-of-Service when the client is about to be authenticated and BinAuth is enabled. The issue is mitigated ...

7.5CVSS7.4AI score0.00982EPSS