Asustor: >> Exfat Driver Security Vulnerabilities
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
CVSS Score
7.4
EPSS Score
0.004
Published
2020-03-18
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.
CVSS Score
8.1
EPSS Score
0.024
Published
2020-03-18