CVE-2024-28328: n/a
CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.
AI Analysis
Technical Summary
CVE-2024-28328 is a vulnerability classified as CSV Injection affecting the Asus RT-N12+ router. This vulnerability arises from improper sanitization of the client name parameter, which is used in CSV exports. An attacker with administrator privileges can inject malicious formulas or commands into this parameter. When another user exports or opens the CSV file in spreadsheet software such as Microsoft Excel or LibreOffice Calc, these formulas can execute, potentially leading to command execution or data manipulation on the client side. The vulnerability is linked to CWE-77 (Improper Neutralization of Special Elements used in a Command). The attack vector is adjacent network (AV:A), requiring low attack complexity (AC:L), but high privileges (PR:H) and user interaction (UI:R) to trigger. The scope is changed (S:C), meaning the vulnerability affects components beyond the vulnerable component itself. The impact affects confidentiality, integrity, and availability to a limited degree (C:L/I:L/A:L). No patches or known exploits are currently available, but the vulnerability is publicly disclosed as of April 26, 2024.
Potential Impact
The primary impact of CVE-2024-28328 is the potential execution of arbitrary commands or formulas on a client machine when a CSV file exported from the Asus RT-N12+ router is opened. This can lead to unauthorized data access, data corruption, or further exploitation on the client side. Since exploitation requires administrator access on the router and user interaction to open the CSV file, the risk is somewhat limited but still significant in environments where multiple administrators or users handle exported data. Organizations relying on Asus RT-N12+ routers for network management may face risks of data leakage or manipulation, especially in managed service environments or enterprises with shared administrative duties. The vulnerability could also be leveraged as part of a broader attack chain to escalate privileges or compromise client systems.
Mitigation Recommendations
To mitigate CVE-2024-28328, organizations should implement the following specific measures:
1) Restrict administrator access to trusted personnel only and enforce strong authentication mechanisms to reduce the risk of malicious input injection.
2) Avoid exporting client data to CSV files unless absolutely necessary, or sanitize all client name inputs to remove or neutralize special characters and formulas before export.
3) Educate users and administrators to be cautious when opening CSV files from the router, especially those containing client names or other user-generated content.
4) Use spreadsheet software with CSV injection protections or open CSV files in text editors first to inspect for suspicious content.
5) Monitor for firmware updates or patches from Asus addressing this vulnerability and apply them promptly once available.
6) Consider network segmentation to limit access to the router’s administrative interface and exported data files.
7) Implement logging and alerting on administrative actions related to CSV exports to detect potential misuse.
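Measures 2 and 4 above, as an added example (not code from Asus or from the original page): a Python check that flags cells a spreadsheet would treat as formulas in an exported client list and rewrites the export with them neutralized. The column layout and sample rows are constructed assumptions; the trigger characters are the set listed in OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet software treats as the start of a
# formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export; the column layout is an assumption, and the
# formula cells are harmless arithmetic used only to exercise the check.
SAMPLE_EXPORT = (
    "Client Name,IP Address,MAC Address\r\n"
    "laptop-01,192.168.1.10,AA:BB:CC:00:00:01\r\n"
    "=1+1,192.168.1.11,AA:BB:CC:00:00:02\r\n"
    "@SUM(A1:A2),192.168.1.12,AA:BB:CC:00:00:03\r\n"
)

def is_formula_like(cell):
    """True if a spreadsheet could evaluate the cell instead of showing it."""
    # Conservative: also look past leading spaces before the trigger.
    return cell.lstrip(" ")[:1] in FORMULA_TRIGGERS

def neutralize(cell):
    """Prefix a formula-like cell with a single quote so it stays text."""
    return "'" + cell if is_formula_like(cell) else cell

def scan_export(text):
    """Return (row, column, value) for every formula-like cell, 1-based."""
    reader = csv.reader(io.StringIO(text, newline=""))
    return [
        (r, c, cell)
        for r, row in enumerate(reader, start=1)
        for c, cell in enumerate(row, start=1)
        if is_formula_like(cell)
    ]

def sanitize_export(text):
    """Rewrite the export with every cell quoted and formulas neutralized."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    for row in csv.reader(io.StringIO(text, newline="")):
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()

if __name__ == "__main__":
    for row, col, value in scan_export(SAMPLE_EXPORT):
        print(f"row {row}, column {col}: {value!r}")
    print(sanitize_export(SAMPLE_EXPORT), end="")
```

Names that legitimately begin with `-` or `+` are flagged and prefixed too; for a free-text client name column that is an acceptable trade-off.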
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-08T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d8db7ef31ef0b588555
Added to database: 2/25/2026, 9:45:49 PM
Last enriched: 2/26/2026, 11:18:42 AM
Last updated: 4/12/2026, 6:48:56 PM