CVE-2020-37086

Easy Transfer 1.7 for iOS - Directory Traversal

CVSS 6.9 MEDIUMEPSS 0.5%CWE-22

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Rubikon Teknoloji · Easy Transfer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 https://www.exploit-db.com/exploits/48395 https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal https://www.vulnerability-lab.com/get_content.php?id=2223