CVE-2024-31162

high

Description

The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

References

https://www.twcert.org.tw/tw/cp-132-7867-8fad9-1.html

https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html

Details

Source: Mitre, NVD

Published: 2024-06-14

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00729