Pi-hole AdminLTE Web Interface Remote Code Execution (CVE-2020-8816)
Overview
CVE-2020-8816 is a remote code execution vulnerability in the Pi-hole Web (AdminLTE) interface. Pi-hole is commonly deployed as a network-level DNS sinkhole for blocking advertisements and trackers, which makes its administrative web interface a sensitive management surface.
Vulnerability Overview
CVE-2020-8816 is an authenticated command execution issue in Pi-hole Web v4.3.2, also known as AdminLTE. NVD describes the vulnerable path as a crafted DHCP static lease submitted by a privileged dashboard user.
The issue is tied to insufficient handling of DHCP lease input, including the MAC address validation path that Pi-hole fixed in its Web v4.3.3 release. Because exploitation requires privileged dashboard access, this is not an unauthenticated public RCE, but it is still serious when administrator credentials are compromised or shared too broadly.
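As an added illustration of the validation failure mode described above (this is not Pi-hole's code and is not from the original page; the function names and sample inputs are constructed), the PHP below contrasts an unanchored MAC pattern with an anchored one and quotes every validated lease field before it could reach a command line. It assumes a lease consists of a MAC address, an IPv4 address and a hostname, all required.

```php
<?php
declare(strict_types=1);

// Loose pattern, constructed for contrast: unanchored, so it matches a MAC
// found anywhere inside a longer string and ignores whatever surrounds it.
function loose_mac(string $mac): bool
{
    return preg_match('/([0-9A-Fa-f]{2}:?){6}/', $mac) === 1;
}

// Strict pattern: \A and \z anchor the whole string (a bare "$" would still
// allow a trailing newline), with exactly six colon-separated hex octets.
function strict_mac(string $mac): bool
{
    return preg_match('/\A[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}\z/', $mac) === 1;
}

// One or more dot-separated labels of letters, digits and inner hyphens.
function strict_hostname(string $host): bool
{
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    return strlen($host) <= 253
        && preg_match('/\A' . $label . '(\.' . $label . ')*\z/', $host) === 1;
}

// Validate every field of a static lease (hypothetical helper). Returns the
// shell-quoted arguments, or null if any field is rejected.
function static_lease_args(string $mac, string $ip, string $host): ?array
{
    if (!strict_mac($mac)
        || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || !strict_hostname($host)) {
        return null;
    }
    // Validation is the primary control; quoting is defence in depth.
    return array_map('escapeshellarg', [strtoupper($mac), $ip, $host]);
}

// Constructed sample submissions: one well-formed, three malformed.
$samples = [
    ['00:11:22:33:44:55', '192.168.1.50', 'printer'],
    ['00:11:22:33:44:55 && echo x', '192.168.1.50', 'printer'],
    ["00:11:22:33:44:55\n", '192.168.1.50', 'printer'],
    ['00:11:22:33:44:55', '192.168.1.50', 'printer$(echo x)'],
];
foreach ($samples as [$mac, $ip, $host]) {
    $ok = static_lease_args($mac, $ip, $host) !== null;
    printf("%-34s loose=%-3s strict lease=%s\n", json_encode($mac),
        loose_mac($mac) ? 'yes' : 'no', $ok ? 'accepted' : 'rejected');
}
```

Where the runtime offers a process API that takes an argument array and bypasses the shell, prefer it over building a command string.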
Impact
CVE-2020-8816 has a CVSS 3.1 score of 7.2 and is rated High in NVD. The score reflects network reachability, low attack complexity, high privileges required, no user interaction, and high confidentiality, integrity, and availability impact.
Successful exploitation can allow command execution on the Pi-hole host in the context available to the web application. That can expose local configuration, DNS and DHCP settings, network environment details, or provide a foothold on a device that often has visibility into internal network activity.
CVE-2020-8816 is also listed in the CISA Known Exploited Vulnerabilities Catalog, which reflects confirmed exploitation in real environments.
Vulnerability Scope
CVE-2020-8816 affects Pi-hole Web/AdminLTE v4.3.2 and earlier affected releases. The Pi-hole Web v4.3.3 release was published as a minor point release to address this issue.
The highest-risk exposure is a Pi-hole admin interface reachable by untrusted networks or protected by weak administrative credentials. Even though the issue requires privileged dashboard access, management interfaces should still be restricted and updated promptly.
Lab Focus
This lab focuses on understanding how an authenticated input validation flaw in a network administration interface can become command execution. The goal is to practice evaluating privileged web admin workflows, DHCP configuration attack surface, and the security impact of management interfaces inside trusted networks.
