7 matches found
CVE-2023-38316
Summary: CVE-2023-38316 affects OpenNDS Captive Portal prior to v10.1.2. When the custom unescape callback is enabled, an attacker can execute arbitrary OS commands by placing them in the URL portion of HTTP GET requests. The issue is fixed in OpenNDS to v10.1.3, with patches in OpenWrt master, O...
CVE-2023-38324
CVE-2023-38324 affects OpenNDS before 10.1.2, where a vulnerability in the FAS configuration allows users to skip the splash page and directly authenticate using the default FAS key. A fix was released by updating to OpenNDS 10.1.3; OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03 include this up...
CVE-2023-38313
CVE-2023-38313 affects OpenNDS Captive Portal prior to 10.1.2. A NULL pointer dereference in do_binauth can be triggered by a crafted GET request with a missing client redirect parameter, leading to Denial-of-Service (crash) when BinAuth is enabled. A fix is available: OpenNDS 10.1.3; updates wer...
CVE-2023-38320
CVE-2023-38320 describes a NULL pointer dereference in OpenNDS Captive Portal before 10.1.2. A crafted GET request with a missing User-Agent header can trigger this, leading to a Denial-of-Service (OpenNDS crash). The issue has a concrete fix: OpenNDS was updated to version 10.1.3, and patches we...
CVE-2023-38315
OpenNDS Captive Portal (before 10.1.2) is affected by a NULL pointer dereference in try_to_authenticate triggered by a crafted GET with a missing client token parameter, leading to a Denial-of-Service (crash). A fix is available: update OpenNDS to 10.1.3, which was applied in OpenWrt master, Open...
CVE-2023-38314
CVE-2023-38314 affects OpenNDS Captive Portal before version 10.1.2, where a NULL pointer dereference in preauthenticated() can be triggered by a crafted GET request with a missing redirect query string parameter, causing a Denial-of-Service. The issue is mitigated by updating OpenNDS to version ...
CVE-2023-38322
CVE-2023-38322 affects OpenNDS Captive Portal prior to 10.1.2. A do_binauth NULL pointer dereference can be triggered by a crafted GET request with a missing User-Agent header, causing a Denial-of-Service when the client is about to be authenticated and BinAuth is enabled. The issue is mitigated ...