Captive Portal@* Security Vulnerabilities and Issues — Captive Portal@* CVE List

Lucene search

OpenndsCaptive Portal*

7 matches found

CVE•added 2023/11/17 6:15 a.m.•44 views

CVE-2023-38316

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt mast...

9.8CVSS9.8AI score0.00706EPSS

CVE•added 2023/11/17 6:15 a.m.•34 views

CVE-2023-38313

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition...

7.5CVSS7.4AI score0.0026EPSS

CVE•added 2023/11/17 6:15 a.m.•31 views

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and Open...

5.3CVSS5.2AI score0.00326EPSS

CVE•added 2023/11/17 6:15 a.m.•30 views

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem...

7.5CVSS7.4AI score0.0045EPSS

CVE•added 2023/11/17 6:15 a.m.•29 views

CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service con...

7.5CVSS7.4AI score0.00227EPSS

CVE•added 2023/11/17 6:15 a.m.•28 views

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Servi...

6.5CVSS6.4AI score0.00481EPSS

CVE•added 2023/11/17 6:15 a.m.•26 views

CVE-2023-38322

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue...

7.5CVSS7.4AI score0.00516EPSS