CVE-2024-31161

7.2 HIGH

📋 TL;DR

This vulnerability in ASUS Download Master allows an authenticated administrator to upload arbitrary files to any location on the system because of improper input filtering. An attacker can upload a malicious web page that executes arbitrary system commands when it is visited. Only systems running ASUS Download Master are affected, and exploitation requires administrative access.

💻 Affected Systems

Products:
  • ASUS Download Master
Versions: All versions prior to the fix
Operating Systems: Linux-based systems on ASUS routers
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to exploit. Typically affects ASUS routers with Download Master enabled.

📦 What is this software?

ASUS Download Master is a download-manager feature of ASUS routers, enabled under USB Application in the router's admin interface, that saves downloaded files to USB storage attached to the router.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Attackers with administrative credentials upload web shells to gain persistent remote access and execute commands on the device.

🟢 If Mitigated

Limited impact if proper access controls and file upload restrictions are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest firmware updates from ASUS

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html

Restart Required: Yes

Instructions:

1. Log into the ASUS router admin interface.
2. Navigate to the firmware update section.
3. Download and install the latest firmware from ASUS.
4. Reboot the router after the update.

🔧 Temporary Workarounds

Disable Download Master

Applies to: all

Temporarily disable the vulnerable Download Master feature until patched.

Log into router admin panel → USB Application → Download Master → Disable

Restrict Admin Access

Applies to: all

Limit administrative access to trusted IP addresses only.

Log into router admin → Administration → System → Allow only specified IP addresses

🧯 If You Can't Patch

  • Disable Download Master feature completely
  • Implement network segmentation to isolate affected routers

🔍 How to Verify

Check if Vulnerable:

Check whether Download Master is enabled on the ASUS router and whether the firmware version is outdated.

Check Version:

Log into router admin → System Log → Firmware Version

Verify Fix Applied:

Confirm that the firmware version matches the latest release from ASUS, and test the upload functionality to confirm that files can no longer be written outside the intended upload directory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to web directories
  • Suspicious POST requests to upload endpoints

Network Indicators:

  • Unexpected outbound connections from router
  • Traffic to known malicious IPs

SIEM Query:

source="router_logs" AND (event="file_upload" OR uri="/upload")
