Vulnerabilities > CVE-2023-38320 - NULL Pointer Dereference vulnerability in Opennds Captive Portal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

opennds

CWE-476

NVD

Published: 2023-11-17

Updated: 2023-11-23

Summary

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).

Vulnerable Configurations

Part	Description	Count
Application	Opennds Opennds Captive Portal *	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/openNDS/openNDS/releases/tag/v10.1.2