CVE-2023-38315

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 17, 2023

Updated: Jun 20, 2024

CWE ID 476

Summary

CVE-2023-38315 is a vulnerability affecting OpenNDS Captive Portal before version 10.1.2. This issue involves a NULL pointer dereference in the try_to_authenticate function. It can be triggered by sending a crafted GET HTTP request with a missing client token query string parameter. Consequences of exploiting this vulnerability include crashing OpenNDS, resulting in a Denial-of-Service condition. Versions 10.1.3 of OpenNDS, released on August 28, 2023, address this vulnerability in OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r_mrWw
https://www.cve.org/CVERecord?id=CVE-2023-38315
https://nvd.nist.gov/vuln/detail/CVE-2023-38315

Back to Vulnerability Database

CVE-2023-38315

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations