EIP-2026-102320

PRE-CVE

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102320. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This advisory details multiple command/path injection vulnerabilities in Wireless Transfer App 3.7 for iOS, where album names can be manipulated to execute unauthorized commands or path requests. The PoC demonstrates how crafted album names can trigger the vulnerability in the application's web interface.

Description

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/30055

View Code ZIP pw:eip

This advisory details multiple command/path injection vulnerabilities in Wireless Transfer App 3.7 for iOS, where album names can be manipulated to execute unauthorized commands or path requests. The PoC demonstrates how crafted album names can trigger the vulnerability in the application's web interface.

Classification

Writeup 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Wireless Transfer App 3.7

Auth required

Prerequisites: Local low-privileged iOS device account · Wireless Transfer App 3.7 installed · Ability to create/modify album names

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026