CVE-2024-36814

4.9 MEDIUM

📋 TL;DR

This vulnerability allows authenticated attackers to read arbitrary files on the underlying operating system with root privileges. It affects Adguard Home installations before version 0.107.52. Attackers can exploit this by placing a specially crafted file in a readable directory.

💻 Affected Systems

Products:
  • Adguard Home
Versions: All versions before v0.107.52
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Adguard Home web interface. The vulnerability exists in the file filtering functionality.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via reading sensitive files like /etc/shadow, SSH keys, or configuration files containing credentials, potentially leading to privilege escalation or lateral movement.

🟠 Likely Case

Unauthorized access to sensitive configuration files, logs, or application data stored on the server, potentially exposing credentials or other confidential information.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent authenticated attackers from reaching vulnerable instances.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of file paths. Public proof-of-concept details are available in the referenced blog posts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.107.52

Vendor Advisory: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.52

Restart Required: Yes

Instructions:

  1. Back up the current configuration.
  2. Download v0.107.52 or later from GitHub releases.
  3. Stop the Adguard Home service.
  4. Replace the binary with the new version.
  5. Restart the service.

🔧 Temporary Workarounds

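Restrict Web Interface Access (Linux)

Limit access to the Adguard Home web interface to trusted IP addresses only using firewall rules. The rules below assume the interface listens on TCP port 3000; substitute the port configured for your installation and replace TRUSTED_IP with the allowed source address.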

iptables -A INPUT -p tcp --dport 3000 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP

Use Strong Authentication (all platforms)

Ensure Adguard Home uses strong, unique passwords and consider enabling 2FA if supported.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Adguard Home instances from sensitive systems.
  • Monitor file access patterns and audit logs for unusual read operations from the Adguard Home process.

🔍 How to Verify

Check if Vulnerable:

Check Adguard Home version via web interface (Settings → About) or command: ./AdGuardHome --version

Check Version:

./AdGuardHome --version

Verify Fix Applied:

Confirm version is v0.107.52 or higher and test that file read attempts outside allowed directories are blocked.
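
The version half of this check can be scripted. The following is an added example, not a script from this page or from the AdGuard Home project: it classifies a version string against the fixed release v0.107.52. The function name agh_status and the AGH_BIN variable are hypothetical, and the exact wording of the --version output is an assumption, so only the first version token in it is parsed.

```shell
#!/bin/sh
# Added example: classify an Adguard Home version string against the fixed
# release for CVE-2024-36814 (v0.107.52, taken from this page).
FIXED="0.107.52"

# agh_status TEXT -> prints patched | vulnerable | unknown
# TEXT is the output of `./AdGuardHome --version`. The wording of that output
# is an assumption, so only the first vMAJOR.MINOR.PATCH token is used.
agh_status() {
    ver=$(printf '%s\n' "$1" |
        grep -Eo 'v?[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    ver=${ver#v}
    core=${ver%%-*}                         # numeric part, e.g. 0.107.52
    pre=""
    [ "$core" = "$ver" ] || pre=${ver#*-}   # pre-release tag, e.g. b.3

    # Split both versions on dots and compare MAJOR, MINOR, PATCH in order.
    old_ifs=$IFS; IFS=.
    set -- $core $FIXED
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        have=${pair%%:*}; want=${pair##*:}
        if [ "$have" -gt "$want" ]; then echo patched; return 0; fi
        if [ "$have" -lt "$want" ]; then echo vulnerable; return 0; fi
    done
    # Same numbers as the fixed release: a pre-release build of it may
    # predate the fix, so it is not reported as patched.
    if [ -n "$pre" ]; then echo unknown; else echo patched; fi
}

# AGH_BIN is a hypothetical variable naming the binary to check,
# e.g. AGH_BIN=./AdGuardHome sh check.sh
if [ -x "${AGH_BIN:-}" ]; then
    agh_status "$("$AGH_BIN" --version 2>&1)"
fi
```

A result of "unknown" means the version could not be parsed or is a pre-release of the fixed version and needs a manual look.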

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Adguard Home logs
  • Multiple failed authentication attempts followed by file read requests

Network Indicators:

  • HTTP requests to Adguard Home endpoints with file path traversal patterns

SIEM Query:

source="adguard.log" AND ("file read" OR "path traversal" OR "../")

🔗 References
