Skip to main content

CVE-2022-32175: CWE-352 Cross-Site Request Forgery (CSRF) in AdguardHome AdguardHome

Medium
VulnerabilityCVE-2022-32175cvecve-2022-32175cwe-352
Published: Tue Oct 11 2022 (10/11/2022, 14:20:11 UTC)
Source: CVE
Vendor/Project: AdguardHome
Product: AdguardHome

Description

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.

AI-Powered Analysis

AILast updated: 07/04/2025, 12:27:23 UTC

Technical Analysis

CVE-2022-32175 is a Cross-Site Request Forgery (CSRF) vulnerability identified in AdGuardHome, an open-source network-wide ad and tracker blocking DNS server. This vulnerability affects versions from v0.95 through v0.108.0-b.13, including v0.99.0 and potentially other unspecified versions within this range. The flaw resides in the custom filtering rules functionality, where an attacker can trick an authenticated user into visiting a maliciously crafted link. Because the user is already authorized, the malicious request is executed with their privileges, allowing the attacker to delete or modify custom filtering rules without the user's consent. This can disrupt the intended filtering policies, potentially allowing unwanted ads, trackers, or malicious content to bypass the DNS filtering or cause denial of service by removing critical rules. The vulnerability has a CVSS 3.1 base score of 5.4, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) shows that the attack can be performed remotely over the network without privileges but requires user interaction (clicking a link). The impact affects integrity and availability of the filtering rules but does not compromise confidentiality. No known exploits in the wild have been reported, and no official patches or mitigations are linked in the provided data. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. Given the nature of AdGuardHome as a DNS filtering tool, exploitation could undermine network security policies and user privacy protections.

Potential Impact

For European organizations, the impact of this vulnerability can be significant depending on their reliance on AdGuardHome for network-wide ad and tracker blocking. By exploiting this CSRF flaw, attackers can alter or delete filtering rules, potentially allowing malicious domains, ads, or trackers to bypass DNS filtering. This undermines privacy controls and may expose users to phishing, malware, or data leakage through trackers. Additionally, the removal of filtering rules could degrade network performance or user experience by allowing unwanted content. Organizations in sectors with strict privacy regulations such as GDPR may face compliance risks if user data is exposed due to weakened filtering. The attack requires user interaction but no elevated privileges, making it feasible in environments where users access web interfaces of AdGuardHome. Since AdGuardHome is often deployed in home networks, small businesses, and some enterprise environments, the impact varies but can be critical for privacy-focused organizations or those using it as a primary DNS filtering solution.

Mitigation Recommendations

To mitigate this vulnerability, organizations should: 1) Upgrade AdGuardHome to a version where this CSRF vulnerability is patched once available. Monitor official AdGuardHome releases and security advisories for updates. 2) Implement web application security best practices such as enforcing anti-CSRF tokens on all state-changing requests in the web interface, if customization is possible. 3) Restrict access to the AdGuardHome web interface to trusted networks or VPNs to reduce exposure to malicious links from external sources. 4) Educate users about the risks of clicking unsolicited or suspicious links, especially when authenticated to network management interfaces. 5) Employ network-level protections such as web filtering or intrusion prevention systems to detect and block malicious URLs that could trigger CSRF attacks. 6) Regularly backup custom filtering rules to enable quick restoration if unauthorized changes occur. 7) Consider isolating the AdGuardHome management interface from general user access to minimize attack surface. These measures go beyond generic advice by focusing on access control, user awareness, and proactive monitoring tailored to the nature of this CSRF vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Mend
Date Reserved
2022-05-31T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0f71484d88663aeb0a9

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/4/2025, 12:27:23 PM

Last updated: 8/17/2025, 10:32:16 PM

Views: 22

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats