The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html | Third Party Advisory |
Configurations
History
16 Aug 2024, 20:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html - Third Party Advisory | |
First Time |
Asus download Master
Asus |
|
CPE | cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:* |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 04:15
Updated : 2024-08-16 20:25
NVD link : CVE-2024-31161
Mitre link : CVE-2024-31161
CVE.ORG link : CVE-2024-31161
JSON object : View
Products Affected
asus
- download_master
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type