Home > Vulnerability Database > CVE-2023-38313

Mend.io Vulnerability Database

CVE-2023-38313

Date: November 16, 2023

An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.

Language: C

Severity Score

7.5

Related Resources (6)

Url: https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80

Url: https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

Url: https://github.com/openNDS/openNDS/releases/tag/v10.1.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38313

Url: https://security-tracker.debian.org/tracker/CVE-2023-38313

Url: https://www.mend.io/vulnerability-database/CVE-2023-38313

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38313

Date: November 16, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?