CVE-2026-5572

Published: Apr 5, 2026Modified: Apr 30, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Technostrobe: Hi Led Wr120 G2 Firmware

1 product

Hi Led Wr120 G2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technostrobe Hi Led Wr120 G2 Firmware	Version 5.5.0.1r6.03.30

Running on/with	Platform Versions
Technostrobe Hi Led Wr120 G2	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-04-CSRF.md

Source: cna@vuldb.com

ExploitMitigationThird Party Advisory

https://vuldb.com/submit/783325

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355342

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355342/cti

Source: cna@vuldb.com

Permissions RequiredVDB Entry

Timeline

No history available yet.