EUVD-2026-19087
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Improper access controls in Technostrobe HI-LED-WR120-G2 firmware 5.5.0.1R6.03.30 enable unauthenticated remote attackers to bypass authentication mechanisms via the /Technostrobe/ endpoint, exposing multiple endpoints with low-level confidentiality, integrity, and availability impact. Publicly available exploit code exists demonstrating the authentication bypass (CVSS 7.3, EPSS data not provided). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Technostrobe HI-LED-WR120-G2 devices in your network; isolate affected devices from untrusted network segments if operationally feasible. Within 7 days: Implement network-level access controls restricting traffic to the /Technostrobe/ endpoint to authorized administrative systems only; apply strong firewall rules limiting inbound access to affected devices; consider disabling non-critical endpoints if supported by firmware. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today