Asus Download Master vulnerabilities

CVE-2024-31161 [HIGH] CWE-434 CVE-2024-31161: The upload functionality of ASUS Download Master does not properly filter user input. Remote attacke The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

CVE-2024-31162 [HIGH] CWE-78 CVE-2024-31162: The specific function parameter of ASUS Download Master does not properly filter user input. An unau The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

CVE-2024-31163 [HIGH] CWE-121 CVE-2024-31163: ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with ad ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

CVE-2024-31160 [MEDIUM] CWE-79 CVE-2024-31160: The parameter used in the certain page of ASUS Download Master is not properly filtered for user inp The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.

CVE-2024-31159 [MEDIUM] CWE-79 CVE-2024-31159: The parameter used in the certain page of ASUS Download Master is not properly filtered for user inp The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.