CVE-2024-28328

CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.
Configurations

No configuration.

History

21 Nov 2024, 09:06

Type Values Removed Values Added
References
  • () https://redfoxsec.com/blog/asus-rt-n12-b1s-csv-injection-cve%E2%80%902024%E2%80%9028328/ -
References () http://asus.com - () http://asus.com -
References () https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/CSV-Injection-CVE%E2%80%902024%E2%80%9028328 - () https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/CSV-Injection-CVE%E2%80%902024%E2%80%9028328 -

03 Jul 2024, 01:51

Type Values Removed Values Added
CWE CWE-77
Summary
  • (es) La vulnerabilidad de inyección CSV en el router Asus RT-N12+ permite a los usuarios administradores inyectar comandos o fórmulas arbitrarias en el parámetro de nombre del cliente que pueden activarse y ejecutarse en una sesión de usuario diferente al exportar al formato CSV.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

26 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-26 15:15

Updated : 2024-11-21 09:06


NVD link : CVE-2024-28328

Mitre link : CVE-2024-28328

CVE.ORG link : CVE-2024-28328


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')