CVE-2024-36586

8.8 HIGH

📋 TL;DR

This vulnerability allows unprivileged attackers to overwrite the AdGuardHome binary, enabling privilege escalation to root/admin access. It affects AdGuardHome installations from version 0.93 through the latest at the time of disclosure. Any system running vulnerable AdGuardHome versions with unprivileged user access is at risk.

💻 Affected Systems

Products:
  • AdGuardHome
Versions: v0.93 to latest (at time of disclosure)
Operating Systems: Linux, Windows, macOS, FreeBSD
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations where AdGuardHome runs with elevated privileges and unprivileged users have write access to its installation directory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers gain root privileges, install persistent backdoors, pivot to other systems, and exfiltrate sensitive data.

🟠 Likely Case

Local privilege escalation allowing attackers to modify AdGuardHome configuration, intercept network traffic, or disable security controls.

🟢 If Mitigated

Limited impact if proper file permissions and access controls prevent unprivileged users from accessing AdGuardHome directories.

🌐 Internet-Facing: MEDIUM - While primarily a local attack, internet-facing AdGuardHome instances could be targeted if attackers first gain unprivileged access through other means.
🏢 Internal Only: HIGH - Internal users with any level of access can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access with any user privileges. The vulnerability is straightforward to exploit once an attacker gains any foothold on the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest AdGuardHome release (specific version not specified in provided references)

Vendor Advisory: https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md

Restart Required: Yes

Instructions:

1. Stop the AdGuardHome service.
2. Download the latest AdGuardHome release from the official repository.
3. Replace the existing binary with the patched version.
4. Restart the AdGuardHome service.
5. Verify the version and functionality.

🔧 Temporary Workarounds

Restrict File Permissions (Linux)

Set strict file permissions on the AdGuardHome binary and its directories so that unprivileged users have no write access.

chmod 750 /path/to/AdGuardHome
chown root:root /path/to/AdGuardHome

Run as Non-Privileged User (Linux)

Configure AdGuardHome to run with minimal privileges using systemd or your service manager.

sudo systemctl edit adguardhome

Then add User= and Group= directives under [Service] in the drop-in that opens.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unprivileged users from accessing AdGuardHome installation directories
  • Monitor file integrity of AdGuardHome binary using tools like AIDE, Tripwire, or osquery

🔍 How to Verify

Check if Vulnerable:

Check the AdGuardHome version with adguardhome --version. If the reported version is between 0.93 and the latest release at the disclosure date, the system is vulnerable.

Check Version:

adguardhome --version

Verify Fix Applied:

Verify updated version and check file permissions: ls -la /path/to/AdGuardHome | grep -E '^-rwxr-x---|^-rwx------'
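The one-liner above only inspects the binary's mode. The check below, an added example that is not part of this advisory or of the AdGuardHome project, also inspects the directory containing the binary (a writable directory lets the file be replaced regardless of its own mode) and compares the owner by numeric uid; the /opt/AdGuardHome path in the usage line is an assumed default, not a documented install location.

```sh
#!/bin/sh
# Added example: verify that the AdGuardHome binary and its directory cannot be
# written by unprivileged users. Expected owner defaults to uid 0 (root).
# Usage: check_adguard_install /opt/AdGuardHome/AdGuardHome [expected_uid]
# (/opt/AdGuardHome is an assumed path; use your real install location.)

# check_no_unpriv_write PATH EXPECTED_UID
# Returns 1 (and prints a finding) if PATH is missing, owned by another uid,
# or has the group or other write bit set. `ls -ldn` is POSIX and gives the
# same columns on Linux, macOS and FreeBSD, unlike the `stat` flags.
check_no_unpriv_write() {
    p=$1
    want_uid=$2
    if [ ! -e "$p" ]; then
        echo "MISSING: $p"
        return 1
    fi
    set -- $(ls -ldn "$p")   # $1 = mode string, $3 = numeric owner uid
    mode=$1
    uid=$3
    st=0
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD OWNER: $p is owned by uid $uid, expected uid $want_uid"
        st=1
    fi
    # 6th character of the mode string = group write, 9th = other write
    case "$mode" in
        ?????w*|????????w*)
            echo "WRITABLE BY UNPRIVILEGED USERS: $p ($mode)"
            st=1 ;;
    esac
    return $st
}

# check_adguard_install BINARY [EXPECTED_UID]
# Checks the binary and the directory that contains it; both must pass.
check_adguard_install() {
    bin=$1
    want=${2:-0}
    rc=0
    check_no_unpriv_write "$bin" "$want" || rc=1
    check_no_unpriv_write "$(dirname "$bin")" "$want" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: $bin and its directory are not writable by unprivileged users"
    return $rc
}

if [ $# -gt 0 ]; then
    check_adguard_install "$@"
fi
```

Run it after applying the chmod/chown workaround; a non-zero exit means at least one finding was printed.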

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to AdGuardHome binary file
  • Permission changes on AdGuardHome directories
  • AdGuardHome service restarts from non-privileged users

Network Indicators:

  • Unusual DNS query patterns from AdGuardHome host
  • AdGuardHome service becoming unresponsive

SIEM Query:

source="*adguard*" AND ((event_type="file_modification" AND file_path="*/AdGuardHome*") OR (event_type="process_execution" AND process_name="AdGuardHome" AND user!="root"))
