EIP-2026-101305

PRE-CVE

HTC / Windows Mobile OBEX FTP Service - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101305. PoCs published by Alberto Tablado.

AI-analyzed exploit summary This is a detailed writeup describing a directory traversal vulnerability in HTC Windows Mobile devices running OBEX FTP Service over Bluetooth. It explains how an authenticated attacker can traverse directories, read/write arbitrary files, and achieve code execution by uploading files to the Startup folder.

Description

HTC / Windows Mobile OBEX FTP Service - Directory Traversal

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alberto Tablado · textremotehardware

https://www.exploit-db.com/exploits/9117

View Code ZIP pw:eip

This is a detailed writeup describing a directory traversal vulnerability in HTC Windows Mobile devices running OBEX FTP Service over Bluetooth. It explains how an authenticated attacker can traverse directories, read/write arbitrary files, and achieve code execution by uploading files to the Startup folder.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: HTC Windows Mobile 6 and 6.1 OBEX FTP Service

Auth required

Prerequisites: Bluetooth enabled on target device · File Sharing over Bluetooth active · Authentication and authorization privileges over Bluetooth

MITRE ATT&CK

T1006 - Direct Volume Access T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026