Ubuntu.comUB:CVE-2023-38324CVE-2023-38324
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
32.2%
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip
the splash page sequence (and directly authenticate) when it is using the
default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive
Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and
OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
Bugs
References
github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
launchpad.net/bugs/cve/CVE-2023-38324
nvd.nist.gov/vuln/detail/CVE-2023-38324
security-tracker.debian.org/tracker/CVE-2023-38324
source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
www.cve.org/CVERecord?id=CVE-2023-38324
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
32.2%