CVE-2023-38314

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 17, 2023

Updated: Jun 20, 2024

CWE ID 476

Summary

CVE-2023-38314 is a vulnerability affecting OpenNDS Captive Portal before version 10.1.2. This issue involves a NULL pointer dereference in the preauthenticated() function, which can be triggered by a crafted GET HTTP request lacking a redirect query string parameter. The result is a Denial-of-Service condition as OpenNDS crashes. Version 10.1.3, released on August 28, 2023, addresses and fixes this issue in OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r_mft_
https://www.cve.org/CVERecord?id=CVE-2023-38314
https://nvd.nist.gov/vuln/detail/CVE-2023-38314

Back to Vulnerability Database

CVE-2023-38314

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations