CVE-2020-37086

Easy Transfer 1.7 for iOS - Directory Traversal

CVSS 6.9 MEDIUMEPSS 0.5%CWE-22

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Rubikon Teknoloji · Easy Transfer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 https://www.exploit-db.com/exploits/48395 https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal https://www.vulnerability-lab.com/get_content.php?id=2223