5.4
CVE-2022-32175
- EPSS 0.05%
- Published 11.10.2022 15:15:09
- Last modified 20.05.2025 14:15:21
- Source vulnerabilitylab@mend.io
- Teams watchlist Login
- Open Login
In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.
Data is provided by the National Vulnerability Database (NVD)
Adguard ≫ Adguardhome Version >= 0.95 < 0.108
Adguard ≫ Adguardhome Version0.108 Update-
Adguard ≫ Adguardhome Version0.108 Updatebeta1
Adguard ≫ Adguardhome Version0.108 Updatebeta10
Adguard ≫ Adguardhome Version0.108 Updatebeta11
Adguard ≫ Adguardhome Version0.108 Updatebeta12
Adguard ≫ Adguardhome Version0.108 Updatebeta2
Adguard ≫ Adguardhome Version0.108 Updatebeta3
Adguard ≫ Adguardhome Version0.108 Updatebeta4
Adguard ≫ Adguardhome Version0.108 Updatebeta5
Adguard ≫ Adguardhome Version0.108 Updatebeta6
Adguard ≫ Adguardhome Version0.108 Updatebeta7
Adguard ≫ Adguardhome Version0.108 Updatebeta8
Adguard ≫ Adguardhome Version0.108 Updatebeta9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.166 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.