HIGH🇬🇧 English

CVE-2023-38320

CVSS 7.5v3.1pub. 2023-11-17upd. 2024-11-21

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Opennds Captive Portal

    APP
    Opennds
    < 10.1.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-38316CRITICAL9.8ten sam produkt

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is ...

CVE-2023-38313HIGH7.5ten sam produkt

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference ...

CVE-2023-38315HIGH7.5ten sam produkt

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL poi...

CVE-2023-38322HIGH7.5ten sam produkt

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dere...

CVE-2023-38314MEDIUM6.5ten sam produkt

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in ...

CVE-2023-38320 — HIGH 7.5 | CVEbaza.pl