CVE-2023-38324

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-38324

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38324.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-38324

Downstream

DEBIAN-CVE-2023-38324

UBUNTU-CVE-2023-38324

Published

2023-11-17T06:15:33.760Z

Modified

2025-12-11T02:04:27.739266Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

References

Affected packages

Git / github.com/opennds/opennds

Affected ranges

Type: GIT
Repo: https://github.com/opennds/opennds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9

Affected versions

v10.*

v10.1.0

v10.1.1

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.2.0

v6.*

v6.0.0

v7.*

v7.0.0

v7.0.1

v8.*

v8.0.0

v8.1.0

v8.1.1

v9.*

v9.0.0

v9.1.0

v9.1.1

v9.10.0

v9.2.0

v9.3.0

v9.4.0

v9.5.0

v9.5.1

v9.6.0

v9.7.0

v9.8.0

v9.9.0

v9.9.1

Git / github.com/openwrt/routing

Affected ranges

Type: GIT
Repo: https://github.com/openwrt/routing
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0b19771fb2dd81e7c428759610aed583171eed80