Which versions of Hi Led Wr120 G2 are affected by EUVD-2026-19087?

Technostrobe HI-LED-WR120-G2 devices running firmware 5.5.0.1R6.03.30 contain an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive endpoints and…

Is there a public PoC exploit available for EUVD-2026-19087?

Yes, a public proof-of-concept exploit is available for EUVD-2026-19087. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-19087?

Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices in your network; isolate affected devices from untrusted network segments if operationally feasible. Within 7 days: Implement network-level access controls restricting traffic to the /Technostrobe/ endpoint to authorized administrative systems only; apply strong firewall rules limiting inbound access to affected devices; consider disabling non-critical endpoints if supported by firmware. Within 30 days: Contact Technostrobe directly to escalate patch status; evaluate replacement with alternative LED control solutions that receive active vendor support; implement continuous monitoring of device endpoints for unauthorized access attempts.

Hi Led Wr120 G2 EUVD-2026-19087

Q: What is the CVSS score of EUVD-2026-19087?

EUVD-2026-19087 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5569 MEDIUM

Improper Access Control (CWE-284)

2026-04-05 VulDB

Authentication Bypass Hi Led Wr120 G2

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 14:00 euvd

EUVD-2026-19087

Analysis Generated

Apr 05, 2026 - 14:00 vuln.today

CVE Published

Apr 05, 2026 - 13:15 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Improper access controls in Technostrobe HI-LED-WR120-G2 firmware 5.5.0.1R6.03.30 enable unauthenticated remote attackers to bypass authentication mechanisms via the /Technostrobe/ endpoint, exposing multiple endpoints with low-level confidentiality, integrity, and availability impact. Publicly available exploit code exists demonstrating the authentication bypass (CVSS 7.3, EPSS data not provided). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk is elevated despite the CVSS base score of 7.3 being in the 'high' rather than 'critical' range. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker scans Internet-facing or internal networks for Technostrobe HI-LED-WR120-G2 devices, identifying them via banner grabbing or default web interface signatures. Using the publicly available exploit code from GitHub, the attacker sends crafted HTTP requests to the /Technostrobe/ endpoint without authentication, successfully bypassing access controls due to CWE-284 implementation flaws. …
Remediation	No vendor-released patch has been identified at time of analysis, as Technostrobe did not respond to vulnerability disclosure attempts documented in VulDB submission 783322. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices in your network; isolate affected devices from untrusted network segments if operationally feasible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-19087 vulnerability details – vuln.today

Back