ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.


Assigner: [email protected]

CWE: CWE-121

  • asus download_master


CVSS version: 3.1 Base score: 7.2
Base severity: HIGH Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.2 Impact score: 5.9

Can you explain the CVE description?

This Common Vulnerabilities and Exposures (CVE) description is about a vulnerability identified as CVE-2024-31163 in ASUS Download Master. The vulnerability is a buffer overflow issue that allows an unauthenticated remote attacker with administrative privileges to execute arbitrary system commands on the affected device. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2, indicating a high severity level. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. The vulnerability is associated with CWE-121, which is the weakness category for buffer overflow vulnerabilities. The description includes links to additional resources for more information about the vulnerability. The CVSS vector shows that the vulnerability has network access (AV:N), requires authentication (AC:L), has high privileges required (PR:H), does not require user interaction (UI:N), has no scope impact (S:U), and has high confidentiality, integrity, and availability impact (C:H/I:H/A:H). The exploitability score is 1.2, and the impact score is 5.9. The assigner of this CVE is [email protected].

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being the initial entry point for an attacker to gain unauthorized access to the affected device. By exploiting the buffer overflow vulnerability in ASUS Download Master, an attacker can execute arbitrary system commands with administrative privileges. This can lead to further exploitation of the device, such as installing malware, stealing sensitive information, or disrupting the devices normal operation. The attacker can then move laterally within the network, escalate privileges, and carry out more advanced attacks, ultimately compromising the entire system.

Generated on: 2024-07-01