An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
References
Link | Resource |
---|---|
https://github.com/openNDS/openNDS/blob/master/ChangeLog | Release Notes |
https://github.com/openNDS/openNDS/releases/tag/v10.1.3 | Release Notes |
https://openwrt.org/docs/guide-user/services/captive-portal/opennds | Product |
https://www.forescout.com/resources/sierra21-vulnerabilities | Exploit Third Party Advisory |
Configurations
History
02 Feb 2024, 15:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.forescout.com/resources/sierra21-vulnerabilities - Exploit, Third Party Advisory | |
References | () https://github.com/openNDS/openNDS/blob/master/ChangeLog - Release Notes | |
References | () https://openwrt.org/docs/guide-user/services/captive-portal/opennds - Product | |
References | () https://github.com/openNDS/openNDS/releases/tag/v10.1.3 - Release Notes | |
First Time |
Opennds
Opennds opennds |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-78 | |
CPE | cpe:2.3:a:opennds:opennds:*:*:*:*:*:*:*:* |
26 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-26 05:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-38319
Mitre link : CVE-2023-38319
CVE.ORG link : CVE-2023-38319
JSON object : View
Products Affected
opennds
- opennds
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')