CVE-2024-31160
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in ASUS Download Master allows remote attackers who already hold administrative privileges to inject malicious JavaScript into a specific page parameter. The injected code executes when other users view the affected page, potentially compromising their sessions or performing actions on their behalf. Only systems running vulnerable versions of ASUS Download Master are affected, and exploitation requires administrative access to the interface.
💻 Affected Systems
- ASUS Download Master
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin access could inject malicious scripts that steal session cookies, redirect users to phishing sites, or perform unauthorized actions as authenticated users, potentially leading to full system compromise if combined with other vulnerabilities.
Likely Case
Attackers with administrative credentials could inject scripts to hijack user sessions, deface the interface, or perform limited unauthorized actions within the application.
If Mitigated
With proper input validation and output encoding, the risk is minimal: injected content is encoded before it is rendered into the page, so it is displayed as text rather than executed as script.
🎯 Exploit Status
Exploitation requires administrative access to the ASUS Download Master interface; because the XSS is stored, an injected payload persists in the affected parameter's saved data until it is removed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in references; check ASUS firmware updates
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html
Restart Required: Yes
Instructions:
1. Log into ASUS router admin interface
2. Navigate to firmware update section
3. Check for and install latest firmware
4. Reboot router after update
5. Verify Download Master is updated
🔧 Temporary Workarounds
Disable Download Master
Temporarily disable the ASUS Download Master feature if it is not required
Login to router admin panel → USB Application → Download Master → Disable
Restrict admin access
Limit administrative access to trusted IP addresses only
Login to router admin panel → Administration → System → Allow only specified IP addresses to login
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads
- Monitor admin interface access logs for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check if ASUS Download Master is enabled and running on an ASUS router; verify firmware version against latest security updates
Check Version:
Login to router admin interface → System Log → Firmware Version or Administration → Firmware Upgrade
Verify Fix Applied:
After updating firmware, test the affected parameter with safe test payloads to ensure proper input filtering
📡 Detection & Monitoring
Log Indicators:
- Unusual admin login attempts
- JavaScript payloads in URL parameters or form submissions
- Multiple failed login attempts followed by successful admin login
Network Indicators:
- HTTP requests containing script tags or JavaScript in parameters to Download Master pages
- Unusual outbound connections from router after admin access
SIEM Query:
source="router_logs" AND ("Download Master" OR "admin login") AND ("script" OR "javascript" OR "onerror" OR "onload")
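As an added example (not part of the advisory or any ASUS tooling), the log-indicator logic above run in Python over constructed HTTP access-log lines: it flags requests to Download Master pages whose query parameters contain script tags, event-handler attributes or a javascript: scheme, URL-decoding values once more to catch double-encoded payloads. The Download Master path prefix, page name and parameter name are placeholders, since the advisory does not give the real URLs or the vulnerable parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Placeholder: the advisory does not name the real Download Master URLs.
DM_PATH_PREFIX = "/downloadmaster/"

# Indicators from the advisory's detection section: script tags,
# onerror/onload handlers, and the javascript: scheme (case-insensitive).
XSS_PATTERN = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(?:error|load)\s*=", re.IGNORECASE
)

# Common-log-format style line: ip ident user [ts] "METHOD target proto" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(target: str) -> list:
    """Names of query parameters in *target* whose decoded value matches XSS indicators."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl already decoded once; decoding again catches %253C-style
        # double encoding (a literal '+' in the value would become a space).
        if XSS_PATTERN.search(unquote_plus(value)):
            hits.append(name)
    return hits


def scan_log(lines) -> list:
    """Return (ip, user, path, [params]) for Download Master requests carrying XSS indicators."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        path = urlsplit(m["target"]).path
        if not path.startswith(DM_PATH_PREFIX):
            continue  # only Download Master pages are in scope
        params = suspicious_params(m["target"])
        if params:
            findings.append((m["ip"], m["user"], path, params))
    return findings


# Constructed sample log lines (placeholder page and parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Jun/2024:12:00:01 +0000] "GET /downloadmaster/index.cgi?name=movie.iso HTTP/1.1" 200',
    '192.0.2.10 - admin [10/Jun/2024:12:00:05 +0000] "GET /downloadmaster/index.cgi?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200',
    '192.0.2.11 - admin [10/Jun/2024:12:01:00 +0000] "GET /downloadmaster/index.cgi?name=x%20onerror%3Dalert(1) HTTP/1.1" 200',
    '192.0.2.11 - admin [10/Jun/2024:12:01:30 +0000] "GET /downloadmaster/index.cgi?name=%253Cscript%253E HTTP/1.1" 200',
    '192.0.2.12 - - [10/Jun/2024:12:02:00 +0000] "GET /status.cgi?q=%3Cscript%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("suspicious Download Master request:", finding)
```

Pipe real router or reverse-proxy access logs into `scan_log` after setting `DM_PATH_PREFIX` to the actual Download Master path; the last sample line shows that the same payload against a non-Download Master page is deliberately out of scope.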