CVE-2024-31161

HIGH

Asus Download Master < 3.1.0.114 - Unrestricted File Upload

Title source: rule

Description

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html

Scores

CVSS v3 7.2

EPSS 0.0105

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-434

Status published

Affected Products (1)

asus/download_master < 3.1.0.114

Timeline

Published Jun 14, 2024

Tracked Since Feb 18, 2026