CVE-2023-38324
N/A
N/A
Summary
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://openwrt.org/docs/guide-user/services/captive-portal/opennds
- https://github.com/openNDS/openNDS/releases/tag/v10.1.2
- https://github.com/openNDS/openNDS/blob/master/ChangeLog
- https://www.forescout.com/resources/sierra21-vulnerabilities
- https://cwe.mitre.org/data/definitions/1390.html
- https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://openwrt.org/docs/guide-user/services/captive-portal/opennds
- https://github.com/openNDS/openNDS/releases/tag/v10.1.2
- https://github.com/openNDS/openNDS/blob/master/ChangeLog
- https://www.forescout.com/resources/sierra21-vulnerabilities
- https://cwe.mitre.org/data/definitions/1390.html
- https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.