EIP-2026-104252

PRE-CVE

FLEX 1085 Web 1.6.0 - HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104252. PoCs published by Mr Empy.

AI-analyzed exploit summary The exploit describes an HTML injection vulnerability in FLEX 1085 Web 1.6.0, where arbitrary HTML code can be injected via the WiFi network name field. The vulnerability is demonstrated by creating a WiFi network with an HTML tag in its name, which is then rendered in the device's dashboard.

Description

FLEX 1085 Web 1.6.0 - HTML Injection

Exploits (1)

exploitdb WRITEUP

by Mr Empy · textwebappsmultiple

https://www.exploit-db.com/exploits/50544

View Code ZIP pw:eip

The exploit describes an HTML injection vulnerability in FLEX 1085 Web 1.6.0, where arbitrary HTML code can be injected via the WiFi network name field. The vulnerability is demonstrated by creating a WiFi network with an HTML tag in its name, which is then rendered in the device's dashboard.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FLEX 1085 Web v1.6.0

Auth required

Prerequisites: Access to the device's dashboard · Ability to create a WiFi network with a custom name

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026