CVE-2024-3740

Published: Apr 13, 2024Modified: Aug 21, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.

Affected (1)

Products: Cym1102: Nginxwebui

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cym1102 Nginxwebui	Before 4.2.4

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (10)

https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf

Source: cna@vuldb.com

Exploit

https://github.com/cym1102/nginxWebUI/issues/138

Source: cna@vuldb.com

Issue Tracking

https://vuldb.com/?ctiid.260579

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.260579

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.311216

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://github.com/cym1102/nginxWebUI/issues/138

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://vuldb.com/?ctiid.260579

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.260579

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.311216

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.