ASUS Download Master Vulnerability Allows Arbitrary System Command Execution

CVE-2024-31162

7.2HIGH

Key Information

Vendor: Asus
Status: Download Master
Vendor: CVE Published:; 14 June 2024

Summary

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

Affected Version(s)

Download Master <= 3.1.0.113

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 14, 2024
Vulnerability Reserved.
Mar 29, 2024

Collectors

NVD DatabaseMitre Database