CVE-2026-5573

HIGH

Technostrobe HI-LED-WR120-G2 fs unrestricted upload

Title source: cna

Description

A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-355343 | Technostrobe HI-LED-WR120-G2 fs unrestricted upload

https://vuldb.com/vuln/355343

Signature, Permissions Required signature permissions-required

VDB-355343 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355343/cti

Third Party Advisory third-party-advisory

Submit #783326 | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Unrestricted File Upload

https://vuldb.com/submit/783326

Exploit exploit

https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-05-FileUpload.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0052

EPSS Percentile 39.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-284 CWE-434

Status published

Products (2)

Technostrobe/HI-LED-WR120-G2 5.5.0.1R6.03.30

technostrobe/hi-led-wr120-g2_firmware 5.5.0.1r6.03.30

Published Apr 05, 2026

Tracked Since Apr 05, 2026