Login Sign Up

CVE-2023-38317

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2023-38317 is a command injection vulnerability in OpenNDS that allows attackers with access to the configuration file to execute arbitrary operating system commands. This affects OpenNDS installations before version 10.1.3, primarily used for captive portal authentication on networks.

💻 Affected Systems

Products:
  • OpenNDS
Versions: All versions before 10.1.3
Operating Systems: Linux-based systems (commonly OpenWrt)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker access to the configuration file, either directly or through other vulnerabilities.

📦 What is this software?

Opennds by Opennds

View all CVEs affecting Opennds →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root-level command execution, allowing attackers to install malware, pivot to other systems, or disrupt network services.

🟠

Likely Case

Local privilege escalation leading to unauthorized network access, credential theft, or captive portal manipulation.

🟢

If Mitigated

Limited impact with proper file permissions preventing unauthorized configuration file access.

🌐 Internet-Facing: MEDIUM - OpenNDS typically faces internal networks but may be exposed via captive portals.
🏢 Internal Only: HIGH - Attackers with network access can potentially reach the configuration file.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to modify the configuration file, which may be protected by file permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.3

Vendor Advisory: https://github.com/openNDS/openNDS/releases/tag/v10.1.3

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Update OpenNDS to version 10.1.3 or later. 3. Restart OpenNDS service. 4. Verify the update with version check.

🔧 Temporary Workarounds

Restrict configuration file permissions

linux

Set strict file permissions on OpenNDS configuration files to prevent unauthorized modification.

chmod 600 /etc/opennds/*.conf
chown root:root /etc/opennds/*.conf

Network segmentation

all

Isolate OpenNDS instances from untrusted networks and limit administrative access.

🧯 If You Can't Patch

  • Implement strict file permissions (chmod 600) on all OpenNDS configuration files
  • Monitor configuration files for unauthorized changes using file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check OpenNDS version and compare with vulnerable range (before 10.1.3).

Check Version:

opennds --version

Verify Fix Applied:

Confirm version is 10.1.3 or later and test configuration file sanitization.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration file modifications
  • Unusual command execution in system logs
  • Failed authentication attempts to configuration files

Network Indicators:

  • Unusual outbound connections from OpenNDS host
  • Anomalous captive portal behavior

SIEM Query:

source="opennds" AND (event="config_modified" OR event="command_exec")

📊 Metadata

CVE ID: CVE-2023-38317
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: January 26, 2024
Last Updated: June 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-38317, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)