CVE-2022-32175

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adguard:adguardhome:*:*:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:-:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta1:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta10:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta11:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta12:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta2:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta3:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta4:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta5:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta6:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta7:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta8:*:*:*:*:*:*
cpe:2.3:a:adguard:adguardhome:0.108:beta9:*:*:*:*:*:*

History

21 Nov 2024, 07:05

Type Values Removed Values Added
References () https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265 - Exploit, Third Party Advisory () https://github.com/AdguardTeam/AdGuardHome/blob/v0.108.0-b.13/internal/home/controlfiltering.go#L265 - Exploit, Third Party Advisory
References () https://www.mend.io/vulnerability-database/CVE-2022-32175 - Exploit, Third Party Advisory () https://www.mend.io/vulnerability-database/CVE-2022-32175 - Exploit, Third Party Advisory

26 Oct 2022, 16:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.4

12 Oct 2022, 19:09

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-11 15:15

Updated : 2024-11-21 07:05


NVD link : CVE-2022-32175

Mitre link : CVE-2022-32175

CVE.ORG link : CVE-2022-32175


JSON object : View

Products Affected

adguard

  • adguardhome
CWE
CWE-352

Cross-Site Request Forgery (CSRF)