CVE-2024-31161

CWE-434Unrestricted File Upload3 documents3 sources
Severity
7.2HIGH
EPSS
1.1%
top 22.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Download Master
Timeline
PublishedJun 14

Description

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDasus/download_master< 3.1.0.114
CVEListV5asus/download_masterearlier3.1.0.113

🔴Vulnerability Details

2
CVEList
ASUS Download Master - Arbitrary File Upload2024-06-14
GHSA
GHSA-m8j4-7vqm-v48x: The upload functionality of ASUS Download Master does not properly filter user input2024-06-14
CVE-2024-31161 (HIGH CVSS 7.2) | The upload functionality of ASUS Do | cvebase.io