CVE-2023-38318

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opennds:opennds:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:13

Type Values Removed Values Added
References () https://github.com/openNDS/openNDS/blob/master/ChangeLog - Release Notes () https://github.com/openNDS/openNDS/blob/master/ChangeLog - Release Notes
References () https://github.com/openNDS/openNDS/releases/tag/v10.1.3 - Release Notes () https://github.com/openNDS/openNDS/releases/tag/v10.1.3 - Release Notes
References () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - Product () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - Product
References () https://www.forescout.com/resources/sierra21-vulnerabilities - Exploit, Third Party Advisory () https://www.forescout.com/resources/sierra21-vulnerabilities - Exploit, Third Party Advisory

02 Feb 2024, 15:54

Type Values Removed Values Added
CPE cpe:2.3:a:opennds:opennds:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://www.forescout.com/resources/sierra21-vulnerabilities - () https://www.forescout.com/resources/sierra21-vulnerabilities - Exploit, Third Party Advisory
References () https://github.com/openNDS/openNDS/blob/master/ChangeLog - () https://github.com/openNDS/openNDS/blob/master/ChangeLog - Release Notes
References () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - Product
References () https://github.com/openNDS/openNDS/releases/tag/v10.1.3 - () https://github.com/openNDS/openNDS/releases/tag/v10.1.3 - Release Notes
First Time Opennds
Opennds opennds
CWE CWE-78

26 Jan 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-26 05:15

Updated : 2024-11-21 08:13


NVD link : CVE-2023-38318

Mitre link : CVE-2023-38318

CVE.ORG link : CVE-2023-38318


JSON object : View

Products Affected

opennds

  • opennds
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')