CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.

Related CVEs

CVE-2024-28328

Key Information

GHSA ID

GHSA-3428-vpwf-2w42

Published

April 26, 2024 3:30 PM

Last Modified

July 3, 2024 6:37 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 30, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.