Vulnerabilities > CVE-2023-38324 - Unspecified vulnerability in Opennds Captive Portal

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

opennds

NVD

Published: 2023-11-17

Updated: 2024-01-26

Summary

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS.

Vulnerable Configurations

Part	Description	Count
Application	Opennds Opennds Captive Portal *	1

References

https://github.com/openNDS/openNDS/releases/tag/v10.1.2
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
https://github.com/openNDS/openNDS/blob/master/ChangeLog
https://www.forescout.com/resources/sierra21-vulnerabilities
https://cwe.mitre.org/data/definitions/1390.html