Hi Led Wr120 G2
Remote unauthenticated attackers can bypass authorization checks in the FsBrowseClean component's deletefile function of Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 by manipulating the dir/path argument, enabling unauthorized file deletion. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications. CVSS 6.9 reflects moderate integrity impact with network-accessible attack surface and low attack complexity.
Unrestricted file upload in Technostrobe HI-LED-WR120-G2 firmware version 5.5.0.1R6.03.30 allows remote unauthenticated attackers to upload arbitrary files by manipulating the cwd argument in the /fs endpoint. CVSS 6.9 reflects moderate confidentiality, integrity, and availability impact across local and remote boundaries. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.
Technostrobe HI-LED-WR120-G2 firmware versions up to 5.5.0.1R6.03.30 allow remote unauthenticated attackers to disclose sensitive information through manipulation of file path arguments in the Configuration Data Handler's /fs endpoint. The vulnerability has a publicly available exploit and a low-to-moderate real-world risk profile (CVSS 5.3, EPSS context suggests opportunistic rather than widespread targeting), though vendor non-responsiveness limits confidence in patch availability.
Improper authentication in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 allows unauthenticated remote attackers to bypass authentication controls via the index_config function in the /LoginCB endpoint. Publicly available exploit code exists. With EPSS data unavailable and no CISA KEV listing, exploitation likelihood remains moderate, though the low attack complexity (CVSS AC:L) and network-accessible attack vector increase accessibility for opportunistic attacks against exposed industrial LED display controllers.
Improper access controls in Technostrobe HI-LED-WR120-G2 firmware 5.5.0.1R6.03.30 enable unauthenticated remote attackers to bypass authentication mechanisms via the /Technostrobe/ endpoint, exposing multiple endpoints with low-level confidentiality, integrity, and availability impact. Publicly available exploit code exists demonstrating the authentication bypass (CVSS 7.3, EPSS data not provided). The vendor did not respond to coordinated disclosure attempts, leaving users at elevated risk without official remediation guidance.