Vulnerability DatabaseCVE-2023-38324
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-38324
November 17, 2023
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
Related ResourcesĀ (8)
https://cwe.mitre.org/data/definitions/1390.html
https://github.com/openNDS/openNDS/releases/tag/v10.1.2
https://www.forescout.com/resources/sierra21-vulnerabilities
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
https://github.com/openNDS/openNDS/blob/master/ChangeLog
https://security-tracker.debian.org/tracker/CVE-2023-38324
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
EPSS
Base Score:
0.43