CVE-2019-11688

Name of the Vulnerable Software and Affected Versions ASUSTOR exFAT Driver versions 1.0.0.r20 and earlier

Description An issue was discovered in the license validation process of the ASUSTOR exFAT Driver. Specifically, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com, indicating a missing SSL certificate validation. This issue allows for the acceptance of any certificate, potentially leading to security risks.

Recommendations For ASUSTOR exFAT Driver versions 1.0.0.r20 and earlier, consider disabling the exfat.cgi and exfatctl scripts until a patch is available to address the missing SSL certificate validation issue. Restrict access to these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.