CVE-2023-38319

9.8 CRITICAL

📋 TL;DR

CVE-2023-38319 is a command injection vulnerability in OpenNDS that allows attackers with access to the configuration file to execute arbitrary operating system commands. This affects OpenNDS installations before version 10.1.3, potentially compromising the entire system where OpenNDS runs. Organizations using OpenNDS for captive portal functionality are at risk.

💻 Affected Systems

Products:
  • OpenNDS
Versions: All versions before 10.1.3
Operating Systems: Linux, OpenWrt
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where OpenNDS configuration files are accessible to attackers, either through direct file access or via other vulnerabilities that provide configuration file access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary commands with the privileges of the OpenNDS process, potentially leading to complete system takeover, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Attackers with access to the configuration file (either directly or through other vulnerabilities) can execute commands to install malware, create backdoors, or disrupt network services.

🟢 If Mitigated

With proper file permissions and network segmentation, impact is limited to the OpenNDS service and its host system, preventing lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the configuration file, which may be obtained through other vulnerabilities or misconfigurations. The command injection itself is straightforward once file access is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.3

Vendor Advisory: https://github.com/openNDS/openNDS/releases/tag/v10.1.3

Restart Required: Yes

Instructions:

1. Download OpenNDS version 10.1.3 or later from the official repository.
2. Stop the OpenNDS service.
3. Back up the current configuration.
4. Install the new version.
5. Restart the OpenNDS service.

🔧 Temporary Workarounds

Restrict configuration file permissions

linux

Set strict file permissions on OpenNDS configuration files to prevent unauthorized access

chmod 600 /etc/opennds/*.conf
chown root:root /etc/opennds/*.conf

Network segmentation

all

Isolate OpenNDS systems from critical network segments

🧯 If You Can't Patch

  • Implement strict file permissions on all OpenNDS configuration files (chmod 600)
  • Monitor configuration files for unauthorized modifications and restrict access to authorized administrators only

🔍 How to Verify

Check if Vulnerable:

Check OpenNDS version with 'opennds --version' or examine package version. If version is below 10.1.3, the system is vulnerable.

Check Version:

opennds --version

Verify Fix Applied:

After patching, verify version is 10.1.3 or higher with 'opennds --version'. Test configuration file access restrictions.
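
The version check and the file-permission workaround above can be combined into one host audit. The following is an added example, not code from the advisory or the OpenNDS project. It assumes the version is passed in as a bare dotted string and that the configuration lives in /etc/opennds as in the workaround; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: host audit for the checks on this page (not OpenNDS project code).
FIXED_VERSION="10.1.3"          # first patched release per the advisory

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    a=${1#v} b=${2#v}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-1" or "beta"
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                # equal versions are not "lower"
}

# audit_conf_perms DIR [UID]: report *.conf files that grant any group/other
# access or are not owned by UID (default 0, root). Non-zero on any finding.
audit_conf_perms() {
    dir=$1 want_uid=${2:-0} bad=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        set -- $(ls -ldLn "$f")             # $1 = mode string, $3 = numeric owner
        case $1 in
            ????------*) ;;                 # group and other bits all clear
            *) echo "PERMS $f $1"; bad=1 ;;
        esac
        [ "$3" = "$want_uid" ] || { echo "OWNER $f uid=$3"; bad=1; }
    done
    return $bad
}

# check_opennds VERSION [DIR] [UID]: combined verdict for one host.
check_opennds() {
    rc=0
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "VULNERABLE version $1 is below $FIXED_VERSION"; rc=1
    fi
    audit_conf_perms "${2:-/etc/opennds}" "${3:-0}" || rc=1
    return $rc
}
```

Run `check_opennds <installed-version>` as root from a cron job or configuration-management check; a non-zero exit means the host is either unpatched or has configuration files readable or writable beyond the owner.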

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from OpenNDS context
  • Modifications to OpenNDS configuration files
  • Failed attempts to access configuration files

Network Indicators:

  • Unexpected outbound connections from OpenNDS host
  • Unusual network traffic patterns from captive portal systems

SIEM Query:

(process.name:sh OR process.name:bash) AND parent.name:opennds
