Missing SSL Certificate Validation in ASUSTOR exFAT Driver

Missing SSL Certificate Validation in ASUSTOR exFAT Driver

CVE-2019-11688 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.

Learn more about our Api Penetration Testing.