CVE-2024-31161 HIGH

CVE-2024-31161: ASUS Download Master - Arbitrary File Upload

Vendor Asus
Product Download Master
Weakness CWE-434 · Unrestricted file upload
Published June 14, 2024
Last update August 2, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
August 2, 2024 Record updated