CVE-2023-38313
Description
An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NULL pointer dereference in OpenNDS Captive Portal's do_binauth function allows unauthenticated attackers to cause a denial of service via a crafted GET request.
Vulnerability
CVE-2023-38313 is a NULL pointer dereference vulnerability in the do_binauth function of OpenNDS Captive Portal versions prior to 10.1.2. It can be triggered by sending a crafted GET HTTP request that omits the client_redirect query string parameter. The vulnerable code path is only reachable when the BinAuth option is enabled in the configuration [1].
Exploitation
An unauthenticated attacker with network access to the OpenNDS Captive Portal can exploit this vulnerability by sending a specially crafted GET request to the authentication service. The request must omit the client_redirect query string parameter while the BinAuth option is active. No user interaction or special privileges are required beyond network-level connectivity [1][2].
Impact
Successful exploitation results in a NULL pointer dereference, causing the OpenNDS daemon to crash. This leads to a denial-of-service condition, disrupting captive portal authentication for all clients. The crash does not provide any information disclosure, privilege escalation, or code execution [1][2].
Mitigation
The vulnerability is fixed in OpenNDS version 10.1.2 and later [1]. OpenWrt distributions updated OpenNDS to version 10.1.3 on August 28, 2023 [2]. Users should upgrade to version 10.1.2 or higher. If the BinAuth option is not required, disabling it mitigates the risk. No known workarounds exist for systems that require BinAuth functionality [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- OpenNDS/OpenNDS Captive Portaldescription
- osv-coords2 versionspkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=noblepkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=oracular
>= 0+ 1 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3News mentions
0No linked articles in our index yet.