Description
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.
References
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:asustor:exfat_driver:1.0.0:r14:*:*:*:*:*:*
cpe:2.3:a:asustor:exfat_driver:1.0.0:r15:*:*:*:*:*:*
cpe:2.3:a:asustor:exfat_driver:1.0.0:r20:*:*:*:*:*:*
EPSS
Percentile: 85%
0.02414
Low
CVSS3: 8.1 High
CVSS2: 9.3 Critical
Weaknesses
CWE-78
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.