HIGH🇬🇧 English

CVE-2024-44069

CVSS 7.5v3.1pub. 2024-08-19upd. 2025-10-10

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Pi Hole

    APP
    Pi-Hole
    < 6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-34087CRITICAL9.0PL ✓ten sam produkt

Command Injection w Pi-hole do wersji 3.3 — nieautoryzowane wykonanie poleceń OS

CVE-2020-8816HIGH7.2⚠ KEVten sam produkt

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHC...

CVE-2024-34361HIGH8.5ten sam produkt

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side softw...

CVE-2024-28247HIGH7.6ten sam produkt

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-s...

CVE-2021-32706HIGH7.6ten sam produkt

Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statis...

CVE-2024-44069 — HIGH 7.5 | CVEbaza.pl