Home > Vulnerability Database > CVE-2023-38322

Mend.io Vulnerability Database

CVE-2023-38322

Good to know:

Date: November 16, 2023

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

Language: C

Severity Score

7.5

Related Resources (6)

Url: https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80

Url: https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

Url: https://github.com/openNDS/openNDS/releases/tag/v10.1.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38322

Url: https://security-tracker.debian.org/tracker/CVE-2023-38322

Url: https://www.mend.io/vulnerability-database/CVE-2023-38322

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version v10.1.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38322

Good to know:

Date: November 16, 2023

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?