RSS   Vulnerabilities for 'Exfat driver'   RSS

2020-03-18
 
CVE-2019-11689

CWE-20
 

 
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.

 
 
CVE-2019-11688

CWE-295
 

 
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.

 

 >>> Vendor: Asustor 6 Products
As6202t firmware
Soundsgood
ADM
Asustor data master
Data master
Exfat driver


Copyright 2021, cxsecurity.com

 

Back to Top