The document describes a code execution vulnerability in File Manager v4.2.10 iOS via the `createdir?path=` parameter in the WiFi interface. The vulnerability allows remote attackers to inject arbitrary code through the GET method without authentication.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:File Manager v4.2.10 iOS
No auth needed
Prerequisites:Local WiFi access · File Manager app running with WiFi transfer enabled