ГлавнаяУязвимости → CVE-2023-38323
9.8критическая

CVE-2023-38323

Описание

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

Затрагиваемое ПО
Opennds Opennds
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/openNDS/openNDS/blob/master/ChangeLoghttps://github.com/openNDS/openNDS/releases/tag/v10.1.3https://openwrt.org/docs/guide-user/services/captive-portal/openndshttps://www.forescout.com/resources/sierra21-vulnerabilitieshttps://github.com/openNDS/openNDS/blob/master/ChangeLoghttps://github.com/openNDS/openNDS/releases/tag/v10.1.3https://openwrt.org/docs/guide-user/services/captive-portal/openndshttps://www.forescout.com/resources/sierra21-vulnerabilities