CVE-2024-31161
The upload functionality of ASUS Download Master does not properly
Description
Description
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| asus | download_master | to 3.1.0.114 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | Unrestricted Upload of File with Dangerous Type |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2024-06-14
CVE Last Modified Date:
2024-11-21
Report Generation Date:
2025-06-02
EPSS Last Evaluated Date:
2025-03-31
NVD Report Link: