CVE-2020-23015
MEDIUM NUCLEIOPNsense <= 20.1.5 - Open Redirect via Login Page URL Parameter
Title source: llmExploitation Summary
CVE-2020-23015 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
Nuclei Templates (1)
OPNsense <=20.1.5 - Open Redirect
MEDIUMby 0x_Akoko
Shodan:
http.title:"opnsense"
FOFA:
title="opnsense"
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/opnsense/core/issues/4061
Scores
CVSS v3
6.1
EPSS
0.0269
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
opnsense/opnsense
< 20.1.5
Published
May 03, 2021
Tracked Since
Feb 18, 2026