Unrated severityNVD Advisory· Published Nov 17, 2023· Updated Aug 2, 2024

CVE-2023-38322

Description

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted GET request with a missing User-Agent header triggers a NULL pointer dereference in OpenNDS BinAuth, causing a denial-of-service crash.

Vulnerability

An issue exists in OpenNDS Captive Portal versions before 10.1.2, where a NULL pointer dereference occurs in the do_binauth function when a crafted GET HTTP request lacking a User-Agent header is processed. The vulnerability is only reachable when the BinAuth option is enabled. The affected OpenNDS versions are those prior to the 10.1.2 release, with the fix included in version 10.1.3 [1], [2].

Exploitation

An attacker can exploit this vulnerability by sending a crafted GET request from an unauthenticated client to the captive portal, with the User-Agent HTTP header omitted. The attack requires no prior authentication or network position beyond normal network access to the captive portal. The crash occurs during the authentication process when the BinAuth option is set [1].

Impact

Successful exploitation results in a denial-of-service (DoS) condition by crashing the OpenNDS process. This disrupts captive portal services for all clients until the service is manually restarted. The vulnerability does not lead to information disclosure, code execution, or privilege escalation [1].

Mitigation

OpenNDS has fixed this vulnerability in version 10.1.3, released on or before 28 August 2023. The patch is incorporated into OpenWrt master, OpenWrt 23.05, and OpenWrt 22.03. Users should update OpenNDS to version 10.1.3 or later. If immediate update is not possible, disabling the BinAuth option can prevent the vulnerable code path from being triggered [1], [2].

References

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

OpenNDS/OpenNDS Captive Portaldescription
OpenNDS/OpenNDSllm-fuzzy
Range: <10.1.2
osv-coords2 versions
pkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=noble pkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=oracular
>= 0+ 1 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000