go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

ASUS Download Master - Arbitrary File Upload

TVN ID TVN-202406006
CVE ID CVE-2024-31161
CVSS 7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products Download Master version 3.1.0.113 and earlier
Description The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
Solution Update to version 3.1.0.114 or later
Credit Howard McGreehan
Public Date 2024-06-14
Top