CVE-2023-41101
Description
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in OpenNDS captive portal's query string handling allows DoS and potential RCE; fixed in version 10.1.3.
Vulnerability
The vulnerability is a buffer overflow in OpenNDS's captive portal, specifically in the get_query function in http_microhttpd.c, where the length of the query string in GET requests is not validated. This leads to a stack-based buffer overflow in versions 9.x and earlier, and a heap-based buffer overflow in versions 10.x and later. Affected versions are before OpenNDS version 10.1.3 [1][2].
Exploitation
An attacker needs to send a specially crafted GET request with an overly long query string to the captive portal. No authentication is required as the captive portal is typically accessible before authentication. The overflow can be triggered without user interaction [1].
Impact
Successful exploitation allows an attacker to cause a denial-of-service condition by crashing OpenNDS, or potentially achieve remote code execution by injecting and executing arbitrary bytecode (RCE) [1][2].
Mitigation
The vulnerability is fixed in OpenNDS version 10.1.3 and later [2]. OpenWrt master and 23.05 were updated to OpenNDS 10.2.0 on 23 November 2023 [3]. Users should upgrade to the latest version. No workaround is provided.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- OpenNDS/OpenNDSdescription
- osv-coords2 versionspkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=noblepkg:deb/ubuntu/opennds@10.2.0+dfsg-1build2?arch=source&distro=oracular
>= 0+ 1 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8dmitre
- github.com/openNDS/openNDS/releases/tag/v10.1.3mitre
- github.com/openwrt/routing/commit/88c98c910acccab694b3afb6d36d70ca429118a6mitre
- source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/mitre
News mentions
0No linked articles in our index yet.