Описание
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.
Ссылки
- Issue Tracking
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.0 (исключая)
cpe:2.3:a:pi-hole:pi-hole:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00111
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.
EPSS
Процентиль: 30%
0.00111
Низкий
7.5 High
CVSS3
Дефекты
CWE-862