{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T22:22:03.946","vulnerabilities":[{"cve":{"id":"CVE-2023-38315","sourceIdentifier":"cve@mitre.org","published":"2023-11-17T06:15:33.577","lastModified":"2024-11-21T08:13:18.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3."},{"lang":"es","value":"Se descubrió un problema en OpenNDS Captive Portal antes de la versión 10.1.2. Tiene una desreferencia de puntero try_to_authenticate NULL que se puede activar con un GET HTTP manipulado con un parámetro de cadena de consulta de token de cliente faltante. La activación de este problema provoca el bloqueo de OpenNDS (una condición de denegación de servicio)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opennds:captive_portal:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.2","matchCriteriaId":"41C7501E-5FCE-4728-A6DC-9DD6C0468496"}]}]}],"references":[{"url":"https://github.com/openNDS/openNDS/releases/tag/v10.1.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80","source":"cve@mitre.org"},{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs","source":"cve@mitre.org"},{"url":"https://github.com/openNDS/openNDS/releases/tag/v10.1.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}