CVE-2020-37086 MEDIUM

CVE-2020-37086: Easy Transfer 1.7 for iOS - Directory Traversal

Vendor Rubikon Teknoloji
Product Easy Transfer
Weakness CWE-22 · Path traversal
Published February 3, 2026
Last update February 4, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 4, 2026 Record updated