CVE-2024-3740

Name of the Vulnerable Software and Affected Versions cym1102 nginxWebUI versions up to 3.9.9

Description A critical issue has been found in the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 3.9.9, as a temporary workaround, consider disabling the exec function of the file /adminPage/conf/reload until a patch is available. Restrict access to the /adminPage/conf/reload file to minimize the risk of exploitation. Avoid using the argument nginxExe in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.