vulnerability

Pi-hole AdminLTE: CVE-2020-8816: DHCP MAC OS Command Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Mar 28, 2020	Feb 28, 2022	May 3, 2022

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Mar 28, 2020

Added

Feb 28, 2022

Modified

May 3, 2022

Description

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

This check requires the Metasploit Remote Check Service to be enabled on Scan Engines. Please see the Metasploit Remote Check Service documentation for instructions on how to enable this functionality.

Solution

pi-hole-adminlte-upgrade-latest

References

CVE-2020-8816
https://attackerkb.com/topics/CVE-2020-8816
https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report