CVE-2024-3736

Summary

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.

Affected Software

VendorProductVersion RangeStatus
cym1102nginxWebUI3.9.0affected
cym1102nginxWebUI3.9.1affected
cym1102nginxWebUI3.9.2affected
cym1102nginxWebUI3.9.3affected
cym1102nginxWebUI3.9.4affected
cym1102nginxWebUI3.9.5affected
cym1102nginxWebUI3.9.6affected
cym1102nginxWebUI3.9.7affected
cym1102nginxWebUI3.9.8affected
cym1102nginxWebUI3.9.9affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References