EUVD-2026-19091
GHSA-hmqg-v897-w4w6
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Technostrobe HI-LED-WR120-G2 firmware versions up to 5.5.0.1R6.03.30 allow remote unauthenticated attackers to disclose sensitive information through manipulation of file path arguments in the Configuration Data Handler's /fs endpoint. The vulnerability has a publicly available exploit and low-to-moderate real-world risk profile (CVSS 5.3, EPSS context suggests opportunistic rather than widespread targeting), though vendor non-responsiveness limits confidence in patch availability.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today