CVE-2024-44069
HIGH
Pi-hole < 6.0 - Unauthenticated Temperature Unit Change via admin/api.php
Title source: llm
Description
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.
References (2)
Core References
Issue Tracking
https://github.com/pi-hole/web/pull/3077
Exploit, Third Party Advisory
https://www.kiyell.com/The-Harmless-Pihole-Bug/
Scores
CVSS v3
7.5
EPSS
0.0047
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
pi-hole/pi-hole
< 6.0
Published
Aug 19, 2024
Tracked Since
Feb 18, 2026