VYPR
High severity7.3NVD Advisory· Published May 28, 2024· Updated Apr 15, 2026

CVE-2023-30312

CVE-2023-30312

Description

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). This occurs because nf_conntrack_tcp_no_window_check is true by default.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openwrt/Openwrtinferred2 versions
    >=18.06+ 1 more
    • (no CPE)range: >=18.06
    • (no CPE)range: >=18.06

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.