CVE-2022-50950
📋 TL;DR
Webile 1.0.1 contains an unauthenticated directory traversal vulnerability that allows attackers to manipulate file paths and access sensitive system directories. This affects all users of Webile 1.0.1 on Android devices, potentially compromising the local file system.
💻 Affected Systems
- Webile File Transfer
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the mobile device's file system, allowing attackers to read, modify, or delete sensitive files including personal data, application data, and system files.
Likely Case
Unauthorized access to sensitive user files and application data stored on the device, potentially leading to data theft or manipulation.
If Mitigated
Limited impact if proper input validation and path sanitization are implemented, restricting access to intended directories only.
🎯 Exploit Status
Exploitation requires network access to the Webile web interface, which may be exposed locally or publicly depending on user configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Users should uninstall Webile 1.0.1 and monitor Google Play Store for updates.
🔧 Temporary Workarounds
Disable Webile Web Interface
Platform: android. Turn off the web server functionality in Webile settings to prevent remote exploitation
Network Isolation
Platform: all. Ensure Webile is only accessible on trusted local networks, not exposed to the internet
🧯 If You Can't Patch
- Uninstall Webile 1.0.1 immediately
- Use alternative file transfer applications with proper security controls
🔍 How to Verify
Check if Vulnerable:
Check whether Webile version 1.0.1 is installed on the Android device via Settings > Apps > Webile
Check Version:
Not applicable - check via Android app settings
Verify Fix Applied:
Verify Webile is uninstalled or updated to a version later than 1.0.1
📡 Detection & Monitoring
Log Indicators:
- Unusual file path access patterns in web server logs
- Directory traversal sequences like '../' in HTTP requests
Network Indicators:
- HTTP requests containing path traversal sequences to Webile web interface
SIEM Query:
Not applicable for typical mobile app deployment
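
The log and network indicators listed above can be turned into a check. This is an added example, not part of the original advisory: it flags request targets whose path or query contains a `..` segment after repeated percent-decoding. The Common Log Format input, the constructed sample lines and all function names are assumptions, since the page does not describe Webile's own logging.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (assumed format; EXAMPLE is a
# placeholder target). Addresses are from the documentation range 192.0.2.0/24.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /files/photo.jpg HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /files/../../EXAMPLE HTTP/1.1" 200 312
192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /list?path=%2e%2e%2fEXAMPLE HTTP/1.1" 200 98
192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /files/notes..v2.txt HTTP/1.1" 200 77
192.0.2.11 - - [01/Jan/2024:10:00:15 +0000] "GET /list?path=%252e%252e%255cEXAMPLE HTTP/1.1" 404 0
"""

# Client address, request target and status code from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." only counts when it is a whole segment: preceded by a separator or a
# parameter delimiter and followed by a separator or the end of the string.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if the path or query of a request target holds a '..' segment."""
    parts = urlsplit(target)
    return any(DOTDOT_SEGMENT.search(fully_decode(piece))
               for piece in (parts.path, parts.query))


def find_traversal_requests(log_text):
    """Return (client, target, status) for every flagged request line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for client, target, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

A flagged request that returned a 200 status deserves more attention than one that returned 404, and a file name such as `notes..v2.txt` is deliberately not flagged.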