Which versions of Hi Led Wr120 G2 are affected by CVE-2026-5570?

Technostrobe HI-LED-WR120-G2 industrial LED display controllers (version 5.5.0.1R6.03.30) contain an authentication bypass vulnerability that allows unauthenticated remote attackers to gain…

Is there a public PoC exploit available for CVE-2026-5570?

Yes, a public proof-of-concept exploit is available for CVE-2026-5570. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-5570?

Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices running version 5.5.0.1R6.03.30 in your environment; immediately restrict network access to the /LoginCB endpoint using firewall rules or network segmentation. Within 7 days: Implement continuous monitoring and alerting for suspicious access attempts to affected devices; document all devices and their current network exposure. Within 30 days: Contact Technostrobe for patch availability status and firmware upgrade timeline; if available, test and deploy patched firmware versions in a controlled manner; if unavailable, implement compensating controls outlined below.

Hi Led Wr120 G2 CVE-2026-5570

Q: What is the CVSS score of CVE-2026-5570?

CVE-2026-5570 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-19089 MEDIUM

Improper Authentication (CWE-287)

2026-04-05 VulDB

GHSA-xr7q-4cmw-j44v

Authentication Bypass Hi Led Wr120 G2

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 14:00 euvd

EUVD-2026-19089

Analysis Generated

Apr 05, 2026 - 14:00 vuln.today

CVE Published

Apr 05, 2026 - 13:30 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper authentication in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 allows unauthenticated remote attackers to bypass authentication controls via the index_config function in /LoginCB endpoint. Publicly available exploit code exists. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk assessment reveals moderate-to-high concern despite the 7.3 CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An external attacker scans internet-exposed IP ranges identifying Technostrobe HI-LED-WR120-G2 web management interfaces through banner grabbing or HTTP fingerprinting. Using the publicly available proof-of-concept code from GitHub, the attacker crafts malicious HTTP requests targeting the /LoginCB endpoint's index_config function, bypassing authentication controls without valid credentials. …
Remediation	No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices running version 5.5.0.1R6.03.30 in your environment; immediately restrict network access to the /LoginCB endpoint using firewall rules or network segmentation. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5570 vulnerability details – vuln.today

Back