Description
A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site request forgery that could let an attacker perform unauthorized actions on the device
Action: Monitor System
AI Analysis

Impact

A legitimate user’s browser can be tricked into sending requests, within that user’s authenticated session, that alter device state. The flaw resides in a function the advisory does not identify, which accepts authenticated commands without proper CSRF safeguards. The attack is launched remotely: any webpage the user visits can issue the crafted requests. The weakness is a classic CSRF (CWE‑352) and is compounded by missing access‑control checks (CWE‑862), allowing changes that should only be available to privileged users.

Affected Systems

Technostrobe HI‑LED‑WR120‑G2 devices running firmware version 5.5.0.1R6.03.30 are affected. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. Exploitability is possible from a remote host, and public exploit code is available. The vulnerability is not yet catalogued in CISA’s KEV list, but the lack of vendor response raises concern. The potential impact ranges from unauthorized configuration changes to full device compromise if additional higher‑privilege flaws exist. Monitoring for anomalous request patterns and applying any available firmware update are recommended to reduce risk.

Generated by OpenCVE AI on April 5, 2026 at 16:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the current firmware version on each device and upgrade to any available patch that removes the CSRF flaw; if a patch is not yet released, contact Technostrobe for a security advisory.
  • Disable or restrict remote management interfaces that expose the vulnerable function, allowing only local or network‑restricted access.
  • Configure the web interface to use anti‑CSRF tokens or require double‑authentication for state‑changing requests.
  • Apply firewall or network segmentation rules to limit which hosts can reach the device’s management ports.
  • Enable detailed logging on the device and regularly review logs for unexpected or repeated state‑changing requests.
  • If applicable, replace the device with a newer model that does not suffer from this issue or has been hardened against CSRF attacks.



Advisories

No advisories yet.

History

Thu, 30 Apr 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Technostrobe hi-led-wr120-g2 Firmware |
| CPEs | | `cpe:2.3:h:technostrobe:hi-led-wr120-g2:-:*:*:*:*:*:*:*`, `cpe:2.3:o:technostrobe:hi-led-wr120-g2_firmware:5.5.0.1r6.03.30:*:*:*:*:*:*:*` |
| Vendors & Products | | Technostrobe hi-led-wr120-g2 Firmware |

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Technostrobe; Technostrobe hi-led-wr120-g2 |
| Vendors & Products | | Technostrobe; Technostrobe hi-led-wr120-g2 |

Mon, 06 Apr 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Sun, 05 Apr 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | Technostrobe HI-LED-WR120-G2 cross-site request forgery |
| Weaknesses | | CWE-352, CWE-862 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T14:50:35.442Z

Reserved: 2026-04-04T14:41:11.268Z

Link: CVE-2026-5572

Vulnrichment

Updated: 2026-04-06T14:46:36.054Z

NVD

Status: Analyzed

Published: 2026-04-05T14:16:18.323

Modified: 2026-04-30T20:51:54.847

Link: CVE-2026-5572

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:56:39Z

Weaknesses