CVE-2022-24562

Name of the Vulnerable Software and Affected Versions IOBit IOTransfer version 4.3.1.1561

Description The issue allows an unauthenticated attacker to send GET and POST requests to Airserv, resulting in arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint. This can lead to data theft and remote code execution.

Recommendations For IOBit IOTransfer version 4.3.1.1561, consider restricting access to the Airserv component to minimize the risk of exploitation. As a temporary workaround, avoid using the Airserv feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.