EUVD-2026-19089
GHSA-xr7q-4cmw-j44v
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Improper authentication in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 allows unauthenticated remote attackers to bypass authentication controls via the index_config function in /LoginCB endpoint. Publicly available exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices running version 5.5.0.1R6.03.30 in your environment; immediately restrict network access to the /LoginCB endpoint using firewall rules or network segmentation. Within 7 days: Implement continuous monitoring and alerting for suspicious access attempts to affected devices; document all devices and their current network exposure. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today