CVE-2021-47921

CVSS: 6.5 MEDIUM

📋 TL;DR

Free Photo & Video Vault 0.0.2 for iOS contains a directory traversal vulnerability in the web interface it exposes for WiFi file transfer. Any host that can reach that interface (normally another device on the same WiFi network) can send crafted HTTP requests, without authentication, to read files outside the directory the interface is meant to serve, including environment variables and other unauthorized paths. Only version 0.0.2 on iOS is listed as affected.

💻 Affected Systems

Products:
  • Free Photo & Video Vault
Versions: 0.0.2
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the web interface component used for WiFi file transfer.
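To make the bug class concrete, here is an added example, written for this page and not code from the Free Photo & Video Vault app (whose source is not available), modelling a WiFi-transfer file endpoint two ways: a naive handler that joins the requested name onto the vault directory, and a hardened one that canonicalises the path and refuses anything that resolves outside the vault root. Everything in it is constructed: the temporary vault directory, the file names and the request strings; the real app's URL parameters and directory layout are not documented on this page.

```python
"""Added example (not the app's code): naive vs. hardened file serving.

All paths, file names and request strings are constructed for illustration.
"""
import os
import tempfile
from pathlib import Path
from typing import Optional, Tuple
from urllib.parse import unquote


def serve_vulnerable(root: Path, requested: str) -> Optional[bytes]:
    """Naive handler: decode the request and join it onto the vault directory.

    os.path.join neither strips '..' nor rejects absolute paths, so
    '../secret.txt' (or its percent-encoded form) escapes the vault.
    """
    target = Path(os.path.join(str(root), unquote(requested)))
    try:
        return target.read_bytes()
    except OSError:
        return None


def safe_join(root: Path, requested: str) -> Optional[Path]:
    """Return the canonical path of `requested` inside `root`, or None.

    The request is percent-decoded once (as an HTTP layer would), then the
    joined path is resolve()d, which collapses '..' components and follows
    symlinks. The containment check is made on that real location, so
    string-level tricks ('..%2F', '....//', a symlink inside the vault that
    points outside) cannot reach a file outside the root.
    """
    root = root.resolve()
    relative = unquote(requested).lstrip("/\\")  # leading '/' is root-relative
    candidate = (root / relative).resolve()
    if candidate == root or root not in candidate.parents:
        return None
    return candidate


def serve_hardened(root: Path, requested: str) -> Optional[bytes]:
    """Hardened handler: only regular files under the vault root are served."""
    target = safe_join(root, requested)
    if target is None or not target.is_file():
        return None
    return target.read_bytes()


def build_demo_tree() -> Tuple[Path, Path]:
    """Constructed fixture: a fake vault directory and a 'secret' beside it."""
    base = Path(tempfile.mkdtemp(prefix="vault-demo-"))
    vault = base / "vault"
    vault.mkdir()
    (vault / "photo1.jpg").write_bytes(b"JPEGDATA")
    (base / "secret.txt").write_bytes(b"outside-the-vault")
    return vault, base / "secret.txt"


if __name__ == "__main__":
    vault, secret = build_demo_tree()
    for req in ("photo1.jpg", "../secret.txt", "..%2Fsecret.txt"):
        print(f"{req!r:20} vulnerable={serve_vulnerable(vault, req)!r:22} "
              f"hardened={serve_hardened(vault, req)!r}")
```

The defence worth copying is the order of operations in safe_join: decode, then resolve on the filesystem, then compare against the resolved root. Checking the raw string for `..` before decoding is what lets encoded variants through.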

⚠️ Risk & Real-World Impact

🔴

Worst Case

Read access to any file the app's process can reach. Because the web server runs inside the app's iOS sandbox, that is primarily the app's own container: the entire vault of photos and videos plus any stored PIN, credentials or configuration. On a stock (non-jailbroken) device there are no SSH keys to steal and /etc/passwd holds no password hashes, so full device compromise would need a second, unrelated vulnerability; the classic system-file scenario applies mainly to jailbroken devices.

🟠

Likely Case

Unauthorized read access to the vault's photos and videos, the app's configuration files and environment variables, and whatever else the app's process can read, exposing private media and device information to anyone on the same network.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, restricting exposure to internal network only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the app's web interface while WiFi transfer is enabled. This page lists port 8080 as the typical port; confirm it against the address the app displays on its transfer screen before relying on port-based detection or filtering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the App Store for an updated version
2. If no update is available, uninstall the application
3. Consider an alternative photo vault application with a maintained security record

🔧 Temporary Workarounds

Disable WiFi Transfer Feature

Platform: all

Turn off the web interface that exposes the vulnerable component

Network Segmentation

Platform: all

Restrict access to the application's web interface to trusted networks only

🧯 If You Can't Patch

  • Disable the application's WiFi transfer feature immediately, and only enable it briefly, on a trusted network, when a transfer is actually needed
  • Keep the device on a network segment other hosts cannot reach (client isolation or a separate VLAN); the exposure is to anyone on the same WiFi, so shared and public networks carry the most risk

🔍 How to Verify

Check if Vulnerable:

Check if Free Photo & Video Vault version 0.0.2 is installed and if the WiFi transfer feature is enabled

Check Version:

Check the installed version in the App Store listing for the app, or under Settings > General > iPhone Storage, which shows the version for each installed app

Verify Fix Applied:

Verify application is uninstalled or updated to a version later than 0.0.2

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path requests in web server logs
  • Multiple ../ sequences in URL parameters
  • Access attempts to system files

Network Indicators:

  • HTTP requests with ../ sequences to port 8080
  • Unusual file access patterns from unexpected source IPs on the local network

SIEM Query:

source="web_logs" AND (url="*../*" OR url="*/etc/*") AND dest_port=8080

Run this against a decoded URL field if your platform provides one: as a literal match it misses percent-encoded forms such as %2e%2e%2f and ..%2F, and it inherits the port-8080 assumption noted under Exploit Status.
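As an added example (not part of the original advisory) of the log indicators above applied in practice, the detector below parses access-log lines, percent-decodes the URL until it stops changing, and only then looks for `../` or `..\` sequences and absolute paths into /etc or /proc. A literal `*../*` match misses `%2e%2e%2f`, `..%2F` and double-encoded forms; decoding first catches them. The log line format, the trailing port field and the sample lines are constructed for this example; adapt the regex to whatever your collector actually emits.

```python
"""Added example (not from the advisory): traversal detection over log lines.

The log format and every sample line below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample: combined-log-format style lines with the server port
# appended as a final field. The first two are benign; the rest are traversal
# attempts in different encodings. The last one hits a different port.
SAMPLE_LOG = """\
192.168.1.20 - - [12/Mar/2021:10:01:02 +0000] "GET /files/IMG_0001.jpg HTTP/1.1" 200 51234 8080
192.168.1.20 - - [12/Mar/2021:10:01:05 +0000] "GET /css/style.css HTTP/1.1" 200 812 8080
203.0.113.7 - - [12/Mar/2021:10:02:11 +0000] "GET /files/../../../../etc/passwd HTTP/1.1" 200 1802 8080
203.0.113.7 - - [12/Mar/2021:10:02:12 +0000] "GET /files/..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 210 8080
203.0.113.7 - - [12/Mar/2021:10:02:13 +0000] "GET /files/%252e%252e%252f%252e%252e%252fproc%252fself%252fenviron HTTP/1.1" 200 4096 8080
203.0.113.7 - - [12/Mar/2021:10:02:14 +0000] "GET /download?file=..%5c..%5cLibrary%5cPreferences HTTP/1.1" 404 0 8080
198.51.100.9 - - [12/Mar/2021:10:03:00 +0000] "GET /../etc/passwd HTTP/1.1" 200 1802 443
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<port>\d+)$'
)
# Applied to the *decoded* URL: '..' followed by a slash or backslash, or an
# absolute path component into the classic /etc or /proc targets.
TRAVERSAL_RE = re.compile(r'(?:\.\.[\\/])|(?:^|[\\/])(?:etc|proc)[\\/]', re.IGNORECASE)


def fully_decode(url: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double- and triple-encoded sequences are unwrapped before matching."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def scan(log_text: str, port: Optional[int] = None) -> List[Dict[str, str]]:
    """Return one record per line that looks like a traversal attempt.

    If `port` is given, only lines for that server port are considered,
    mirroring the dest_port=8080 clause of the SIEM query; pass None to see
    attempts against every port.
    """
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count and alert on these
        if port is not None and int(m["port"]) != port:
            continue
        decoded = fully_decode(m["url"])
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                "src": m["src"],
                "port": m["port"],
                "status": m["status"],   # 200 on a traversal path = likely success
                "raw_url": m["url"],
                "decoded_url": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, port=8080):
        print(f'{hit["src"]:14} {hit["status"]} {hit["raw_url"]} -> {hit["decoded_url"]}')
```

The status code is kept in each record on purpose: a 200 on a decoded path that leaves the served directory is the strongest single signal that the traversal actually returned a file, while a burst of 404s from one source is reconnaissance.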
