ASUS Download Master Upload Vulnerability Allows Remote Execution of Arbitrary System Commands

CVE-2024-31161

7.2HIGH

Key Information

Vendor: Asus
Status: Download Master
Vendor: CVE Published:; 14 June 2024

Summary

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

Affected Version(s)

Download Master <= 3.1.0.113

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 14, 2024
Vulnerability Reserved.
Mar 29, 2024

Collectors

NVD DatabaseMitre Database