Primary

Context

Archer Technology RSA Archer Remote Code Execution Vulnerability via CSV Injection

Vulnerability

A remote code execution vulnerability exists in Archer Technology RSA Archer version 6.11.00204.10014. The issue arises because the application exports data to CSV without properly escaping cell contents. This flaw allows attackers to inject malicious spreadsheet formulas that execute system commands when the file is opened in a compatible application, such as Microsoft Excel.

Impact

Exploitation of this vulnerability allows for remote code execution on the victim's machine, triggered by opening the crafted CSV file.

Reproduction

To reproduce this vulnerability, access the Device Registration form in Archer RSA. Inject a formula payload, such as one that executes a command like opening the calculator, into the Device Name field. After saving the entry, export the device records to CSV. When the exported file is opened in a spreadsheet application, the injected command will be executed automatically.

Added: Jul 31, 2025, 8:20 PM

Updated: Jul 31, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.8

exploitability

7.4

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.8

exploitability

7.4

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Archer Technology RSA Archer Remote Code Execution Vulnerability via CSV Injection

Vulnerability

Impact

Reproduction

Affected Products

Archer Technology RSA Archer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating