
CVE-2024-31162 – ASUS Download Master - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-31162
14 Jun 2024 — The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. • https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-31161 – ASUS Download Master - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-31161
14 Jun 2024 — The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage. • https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-31160 – ASUS Download Master - Stored XSS
https://notcve.org/view.php?id=CVE-2024-31160
14 Jun 2024 — The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Stored Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-31159 – ASUS Download Master - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-31159
14 Jun 2024 — The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')