CVE-2024-31161

EUVD-2024-29065
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
twcertCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
asusdownload_master
𝑥
< 3.1.0.114
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html
https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html
https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html
https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html