CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/1390.html
https://github.com/openNDS/openNDS/blob/master/ChangeLog
https://github.com/openNDS/openNDS/releases/tag/v10.1.2	Release Notes Vendor Advisory
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
https://www.forescout.com/resources/sierra21-vulnerabilities

Configurations

Configuration 1 (hide)

cpe:2.3:a:opennds:captive_portal:*:*:*:*:*:*:*:*

History

26 Jan 2024, 05:15

Type	Values Removed	Values Added
References		() https://cwe.mitre.org/data/definitions/1390.html - () https://github.com/openNDS/openNDS/blob/master/ChangeLog - () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - () https://www.forescout.com/resources/sierra21-vulnerabilities -
Summary	(en) An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).	(en) An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS.

Information

Published : 2023-11-17 06:15

Updated : 2024-01-26 05:15

NVD link : CVE-2023-38324

Mitre link : CVE-2023-38324

CVE.ORG link : CVE-2023-38324

JSON object : View

Products Affected

opennds

captive_portal

CWE

NVD-CWE-noinfo

5.3 /10