CVE-2024-31162

{"id": "CVE-2024-31162", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-06-14T07:15:50.153", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html", "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7867-8fad9-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device."}, {"lang": "es", "value": "El par\u00e1metro de funci\u00f3n espec\u00edfica de ASUS Download Master no filtra adecuadamente la entrada del usuario. Un atacante remoto no autenticado con privilegios administrativos puede aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios del sistema en el dispositivo."}], "lastModified": "2024-06-17T12:42:04.623", "sourceIdentifier": "twcert@cert.org.tw"}