CVE-2024-31161

The upload functionality of ASUS Download Master does not properly

Publication date: 2024-06-14

Last updated on: 2024-11-21

Description

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

CVSS Scores

EPSS Scores

Last evaluated: 2025-03-31

Probability:
Percentile:

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-434	Unrestricted Upload of File with Dangerous Type

This CVE does not appear in the KEV catalog.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

Date published:

2024-06-14

Date last modified:

2024-11-21

Date generated:

2025-04-08

NVD report:

CVE-2024-31161