PT-2024-4605 · Asus · Asus Rt-N12+ B1

Published: 2024-04-26 · Updated: 2024-07-03 · CVE-2024-28328

CVSS v3.1: 5.4 (Medium)

Vector: AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 (affected versions not specified)
Description: The administrative interface does not sanitize data, which allows CSV injection. A remote attacker can execute arbitrary commands by injecting malicious input through the client name parameter. The vulnerability can be triggered when data is exported to CSV format, potentially allowing the injected commands or formulas to execute in a different user session.
Recommendations: As a temporary workaround, consider restricting access to the client name parameter to minimize the risk of exploitation. Avoid using the client name parameter in the affected router until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
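The following is an added example, not code from ASUS or from this advisory: a script that neutralizes formula-like cells in an exported client list before it is opened in a spreadsheet, which is the standard defence against the CSV injection described above. The column layout, the sample rows and the function names are assumptions, and the check covers every column rather than only the client name.

```python
import csv
import io
import re

# Leading characters that spreadsheets may interpret as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers (e.g. an RSSI of -61) are data, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")

# Constructed sample export; the column layout is an assumption.
SAMPLE_EXPORT = (
    "Client Name,IP,RSSI\n"
    "laptop,192.168.1.10,-61\n"
    "=1+1,192.168.1.11,-70\n"
    "+office-printer,192.168.1.12,-55\n"
)


def is_formula_like(cell):
    """True if a spreadsheet could evaluate the cell instead of displaying it."""
    return cell.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.fullmatch(cell)


def sanitize_export(csv_text):
    """Return (safe_csv_text, findings); findings are (row, column, original)."""
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    findings = []
    for r, row in enumerate(reader, start=1):
        safe_row = []
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                findings.append((r, c, cell))
                cell = "'" + cell  # leading apostrophe forces text display
            safe_row.append(cell)
        writer.writerow(safe_row)
    return out.getvalue(), findings


if __name__ == "__main__":
    safe_text, findings = sanitize_export(SAMPLE_EXPORT)
    for row, col, value in findings:
        print(f"row {row}, column {col}: neutralized {value!r}")
    print(safe_text, end="")
```

The findings list doubles as a detection signal: a client name that begins with a formula character is worth investigating on its own.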

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05113
CVE-2024-28328

Affected Products

Asus Rt-N12+ B1