← Back

CVE-2023-38321

nvd nist
Published: Dec 25, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.

Affected (1)

Sierrawireless
1 product
Aleos
Configuration A
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Aleos
Before 4.17.0.12
Running on/withPlatform Versions
Sierrawireless
Lx40
All versions
Sierrawireless
Lx60
All versions
Sierrawireless
Mp70
All versions
Sierrawireless
Rv50x
All versions
Sierrawireless
Rv55
All versions

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.