CVE-2026-5573

Published: Apr 5, 2026Modified: Apr 30, 2026

5.5

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Technostrobe: Hi Led Wr120 G2 Firmware

1 product

Hi Led Wr120 G2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technostrobe Hi Led Wr120 G2 Firmware	Version 5.5.0.1r6.03.30

Running on/with	Platform Versions
Technostrobe Hi Led Wr120 G2	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-05-FileUpload.md

Source: cna@vuldb.com

ExploitMitigationThird Party Advisory

https://vuldb.com/submit/783326

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355343

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/vuln/355343/cti

Source: cna@vuldb.com

Permissions RequiredVDB Entry

Timeline

No history available yet.