VYPR
Moderate severityNVD Advisory· Published Apr 24, 2023· Updated Feb 4, 2025

lorawan-stack has open redirect vulnerability

CVE-2023-26494

Description

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
go.thethings.network/lorawan-stack/v3Go
< 3.24.13.24.1

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.