{"id":"CVE-2023-38321","details":"OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.","modified":"2026-03-15T22:44:42.626207Z","published":"2023-12-25T09:15:07.223Z","references":[{"type":"WEB","url":"https://openwrt.org/docs/guide-user/services/captive-portal/opennds"},{"type":"ADVISORY","url":"https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx"},{"type":"ADVISORY","url":"https://github.com/openNDS/openNDS/blob/master/ChangeLog"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38321.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.17.0.12"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}