CVE-2024-31162

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGH
EPSS
1.4%
top 19.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Download Master
Timeline
PublishedJun 14

Description

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

CVEListV5asus/download_masterearlier3.1.0.113

🔴Vulnerability Details

2
CVEList
ASUS Download Master - OS Command Injection2024-06-14
GHSA
GHSA-77j2-hv59-hj3g: The specific function parameter of ASUS Download Master does not properly filter user input2024-06-14
CVE-2024-31162 (HIGH CVSS 7.2) | The specific function parameter of | cvebase.io