Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
https://www.vulnerability-lab.com/get_content.php?id=2223
https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal
https://www.exploit-db.com/exploits/48395
https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078
Published: 2026-02-03
Updated: 2026-04-15
Base Score: 4.9
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N
Severity: Medium
Base Score: 6.2
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: Medium
Base Score: 6.9
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: Medium
EPSS: 0.00553