CVE-2023-38316

CRITICAL

OpenNDS Captive Portal <10.1.2 - Command Injection

Title source: llm

Description

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

References (3)

[Various Sources] https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

[Release Notes, Vendor Advisory] https://github.com/openNDS/openNDS/releases/tag/v10.1.2

[Patch] https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0124

EPSS Percentile 79.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-116

Status published

Products (1)

opennds/captive_portal < 10.1.2

Published Nov 17, 2023

Tracked Since Feb 18, 2026