Vulnerability CVE-2023-41101


Published: 2023-11-17

Description:
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).

 References:
https://github.com/openNDS/openNDS/releases/tag/v10.1.3
https://github.com/openNDS/openNDS/commit/c294cf30e0a2512062c66e6becb674557b4aed8d

Copyright 2026, cxsecurity.com

 

Back to Top