sunweaver

6 exploits Active since Nov 2023
CVE-2023-38317 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38318 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38319 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38321 WRITEUP HIGH WRITEUP
Sierra Wireless ALEOS <4.17.0.12 - DoS
OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.
CVSS 7.5
CVE-2023-38323 WRITEUP CRITICAL WRITEUP
OpenNDS <10.1.3 - Command Injection
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVSS 9.8
CVE-2023-38324 WRITEUP MEDIUM WRITEUP
OpenNDS <10.1.2 - Auth Bypass
An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
CVSS 5.3