CSAL#54
|
Security Notification # CSAL54 |
|
Advisory Title: CSV injection attack was found on the mentioned |
||||
|
Document ID: |
TAS/PRD/GEN/SN-CSAL#54 |
Document Name: |
Security Notification # CSAL54 |
Doc. Rev.: |
0 |
|
|
|
|
|
|
|
|
|
|
Publication Date |
15-Jan-24 |
Incident Source |
CSAL54 |
CVE / Vulnerability Reference |
OWASP(A2) |
|
|
Last Update |
06-Feb-24 |
Reported By |
Valency Networks Testing Agency |
Advisory ID# |
Posting Not Started Yet |
|
|
Current Version |
WP500 FW 0.6.6 |
CVSS Score |
7.5 |
|
|
|
|
|
|
|
|
|
|
|
|
Vulnerability Description |
CSV injection attack was found on the mentioned. |
|||||
|
Impact |
The identification of a CSV Injection vulnerability within our system's data export functionality poses a critical risk, primarily affecting the integrity and confidentiality of data and potentially compromising the end user's system. By exploiting this vulnerability, attackers can craft malicious content that, when incorporated into a CSV file and opened in a spreadsheet application, executes unauthorized commands or formulas. This can lead to several adverse outcomes |
|||||
|
Affected products |
WP500 Firmware 0.65 Version |
|
|
|
|
|
|
Temporary Fix / Mitigation |
Please update to firmware version 0.6.6. |
|
||||
|
Acknowledgment |
Valency Networks , Pune |
|
|
|
|
|
|
History |
NA |
|
|
|
|
|
|
Classification of Vulnerability |
|
|
|
|
||