Is there a public PoC exploit available for CVE-2026-5571?

Yes, a public proof-of-concept exploit is available for CVE-2026-5571. Prioritise patching immediately. EPSS: 0.0%.

Hi Led Wr120 G2 CVE-2026-5571

Q: What is the CVSS score of CVE-2026-5571?

CVE-2026-5571 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19091 MEDIUM

Information Exposure (CWE-200)

2026-04-05 VulDB

GHSA-hmqg-v897-w4w6

Information Disclosure Hi Led Wr120 G2

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 14:00 euvd

EUVD-2026-19091

Analysis Generated

Apr 05, 2026 - 14:00 vuln.today

CVE Published

Apr 05, 2026 - 13:45 nvd

MEDIUM 5.5

DescriptionCVE.org

A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Technostrobe HI-LED-WR120-G2 firmware versions up to 5.5.0.1R6.03.30 allow remote unauthenticated attackers to disclose sensitive information through manipulation of file path arguments in the Configuration Data Handler's /fs endpoint. The vulnerability has a publicly available exploit and low-to-moderate real-world risk profile (CVSS 5.3, EPSS context suggests opportunistic rather than widespread targeting), though vendor non-responsiveness limits confidence in patch availability.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk is moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker on the internet identifies a Technostrobe HI-LED-WR120-G2 device exposed on a public network (either directly internet-facing or accessible via corporate network enumeration). Using the publicly available exploit from GitHub (https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-03-InfoDisclosure.md), the attacker sends a crafted HTTP request to the /fs endpoint with a manipulated file path argument (e.g., traversal sequence) to extract configuration files. …
Remediation	No vendor-released patch has been identified at time of analysis, and the vendor did not respond to early disclosure notification. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5571 vulnerability details – vuln.today

Back