CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.
References
Configurations
No configuration.
History
21 Nov 2024, 09:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://asus.com - | |
References | () https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/CSV-Injection-CVE%E2%80%902024%E2%80%9028328 - |
03 Jul 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
26 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-26 15:15
Updated : 2024-11-21 09:06
NVD link : CVE-2024-28328
Mitre link : CVE-2024-28328
CVE.ORG link : CVE-2024-28328
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')