Search criteria
4 vulnerabilities found for Easy Transfer by Rubikon Teknoloji
CVE-2020-37087 (GCVE-0-2020-37087)
Vulnerability from nvd – Published: 2026-02-03 22:09 – Updated: 2026-02-04 14:52
VLAI?
Title
Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting
Summary
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rubikon Teknoloji | Easy Transfer |
Affected:
1.7
|
Credits
Vulnerability Laboratory, Benjamin Kunz Mejri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T14:51:46.184381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T14:52:11.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"iOS"
],
"product": "Easy Transfer",
"vendor": "Rubikon Teknoloji",
"versions": [
{
"status": "affected",
"version": "1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability Laboratory, Benjamin Kunz Mejri"
}
],
"datePublic": "2020-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:09:48.283Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48395",
"tags": [
"exploit",
"technical-description"
],
"url": "https://www.exploit-db.com/exploits/48395"
},
{
"name": "Vulnerability-Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2223"
},
{
"name": "Official App Store Product Page",
"tags": [
"product"
],
"url": "https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078"
},
{
"name": "VulnCheck Advisory: Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easy-transfer-for-ios-persistent-cross-site-scripting"
}
],
"title": "Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37087",
"datePublished": "2026-02-03T22:09:48.283Z",
"dateReserved": "2026-02-01T13:16:06.486Z",
"dateUpdated": "2026-02-04T14:52:11.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37086 (GCVE-0-2020-37086)
Vulnerability from nvd – Published: 2026-02-03 22:01 – Updated: 2026-02-04 21:06
VLAI?
Title
Easy Transfer 1.7 for iOS - Directory Traversal
Summary
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
Severity ?
6.2 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rubikon Teknoloji | Easy Transfer |
Affected:
1.7
|
Credits
Vulnerability Laboratory, Benjamin Kunz Mejri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T21:06:01.858796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:06:10.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Easy Transfer",
"vendor": "Rubikon Teknoloji",
"versions": [
{
"status": "affected",
"version": "1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vulnerability Laboratory, Benjamin Kunz Mejri"
}
],
"datePublic": "2020-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:48.056Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48395",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48395"
},
{
"name": "Vulnerability-Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2223"
},
{
"name": "Official App Store Product Page",
"tags": [
"product"
],
"url": "https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078"
},
{
"name": "VulnCheck Advisory: Easy Transfer 1.7 for iOS - Directory Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal"
}
],
"title": "Easy Transfer 1.7 for iOS - Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37086",
"datePublished": "2026-02-03T22:01:48.056Z",
"dateReserved": "2026-02-01T13:16:06.486Z",
"dateUpdated": "2026-02-04T21:06:10.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37087 (GCVE-0-2020-37087)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:09 – Updated: 2026-02-04 14:52
VLAI?
Title
Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting
Summary
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rubikon Teknoloji | Easy Transfer |
Affected:
1.7
|
Credits
Vulnerability Laboratory, Benjamin Kunz Mejri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T14:51:46.184381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T14:52:11.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"iOS"
],
"product": "Easy Transfer",
"vendor": "Rubikon Teknoloji",
"versions": [
{
"status": "affected",
"version": "1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability Laboratory, Benjamin Kunz Mejri"
}
],
"datePublic": "2020-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:09:48.283Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48395",
"tags": [
"exploit",
"technical-description"
],
"url": "https://www.exploit-db.com/exploits/48395"
},
{
"name": "Vulnerability-Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2223"
},
{
"name": "Official App Store Product Page",
"tags": [
"product"
],
"url": "https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078"
},
{
"name": "VulnCheck Advisory: Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easy-transfer-for-ios-persistent-cross-site-scripting"
}
],
"title": "Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37087",
"datePublished": "2026-02-03T22:09:48.283Z",
"dateReserved": "2026-02-01T13:16:06.486Z",
"dateUpdated": "2026-02-04T14:52:11.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-37086 (GCVE-0-2020-37086)
Vulnerability from cvelistv5 – Published: 2026-02-03 22:01 – Updated: 2026-02-04 21:06
VLAI?
Title
Easy Transfer 1.7 for iOS - Directory Traversal
Summary
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.
Severity ?
6.2 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rubikon Teknoloji | Easy Transfer |
Affected:
1.7
|
Credits
Vulnerability Laboratory, Benjamin Kunz Mejri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-37086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T21:06:01.858796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:06:10.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Easy Transfer",
"vendor": "Rubikon Teknoloji",
"versions": [
{
"status": "affected",
"version": "1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vulnerability Laboratory, Benjamin Kunz Mejri"
}
],
"datePublic": "2020-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T22:01:48.056Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48395",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48395"
},
{
"name": "Vulnerability-Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2223"
},
{
"name": "Official App Store Product Page",
"tags": [
"product"
],
"url": "https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078"
},
{
"name": "VulnCheck Advisory: Easy Transfer 1.7 for iOS - Directory Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal"
}
],
"title": "Easy Transfer 1.7 for iOS - Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-37086",
"datePublished": "2026-02-03T22:01:48.056Z",
"dateReserved": "2026-02-01T13:16:06.486Z",
"dateUpdated": "2026-02-04T21:06:10.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}