CVE-2026-5570
Improper Authentication in Technostrobe HI-LED-WR120-G2 Remote Access
Publication date: 2026-04-05
Last updated on: 2026-04-30
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| technostrobe | hi-led-wr120-g2_firmware | 5.5.0.1r6.03.30 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5570 is an authentication bypass vulnerability in the Technostrobe HI-LED-WR120-G2 tower obstruction lighting controller, which manages aviation safety lights on tall structures.
The device runs an embedded web server with a flawed authentication mechanism that relies solely on client-side enforcement. The server returns a JSON response indicating authentication success or failure, but does not enforce authentication server-side or validate sessions.
Attackers can intercept and modify the HTTP response (for example, changing `"auth": false` to `"auth": true`) using a proxy tool, tricking the client into granting access without valid credentials. Three bypass paths follow from this:
- Config Panel Bypass: Intercept and modify the login response to gain full access to configuration.
- Direct Access to Surveillance Dashboard: Access certain pages without any authentication.
- Light Control Board Bypass: Modify responses to control critical light functions remotely.
This vulnerability exists because the device uses an insecure authentication model with no server-side session management, relying only on client-side JavaScript to enforce access control.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Technostrobe HI-LED-WR120-G2 allows attackers to bypass authentication and remotely control obstruction lighting, which poses a serious aviation safety risk by potentially causing lights to go dark or display incorrect patterns. This can lead to non-compliance with aviation safety regulations such as ICAO Annex 14 – Aerodrome Design and Operations (Obstacle Lighting).
The CVE description and resources do not explicitly mention data protection standards such as GDPR or HIPAA, and there is no direct information about impacts on privacy or data protection regulations. The improper authentication and lack of server-side session validation do represent a failure to secure access to critical infrastructure, which could indirectly impact regulatory compliance related to operational safety and security.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain unauthorized access to the lighting controller without credentials.
They can remotely control critical functions such as flash patterns, flash rate, intensity, and synchronization of obstruction lights.
This can cause the lights to go dark, display incorrect patterns, or become unsynchronized, creating serious aviation safety hazards by increasing the risk of aircraft collisions with towers.
Additionally, unauthorized changes can disrupt regulatory compliance related to obstruction lighting.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for POST requests to the /LoginCB endpoint on the device's embedded web server, which typically runs on port 58746.
Using a proxy tool like Burp Suite, intercept the POST /LoginCB response and check if the JSON response contains an "auth" field that can be manipulated from false to true, indicating improper server-side authentication enforcement.
Additionally, attempt direct access to URLs such as /Technostrobe/surveillance_generale.html or /Config/index_config.html on the device without authentication to verify if access is granted improperly.
- Use curl or similar tools to test access without authentication, for example: `curl -v http://<device-ip>:58746/Technostrobe/surveillance_generale.html`
- Use a proxy tool (e.g., Burp Suite) to intercept and modify POST /LoginCB responses to test if authentication can be bypassed by changing the JSON response from `{"auth":false}` to `{"auth":true}`.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected device's web interface, especially blocking access to port 58746 from untrusted networks.
Use network segmentation and firewall rules to limit who can reach the device and its management interface.
Monitor and log access attempts to detect suspicious activity, such as attempts to access protected URLs without authentication.
If possible, disable remote management or restrict it to trusted IP addresses until a proper patch or fix is available.
Long term, the vendor should implement server-side authentication enforcement with session management, but until then, network-level controls are critical.
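The monitoring described in the detection and mitigation answers above can be automated on a network sensor or reverse proxy placed in front of the device. The following is an added example, not vendor or advisory code: it flags requests to the protected pages from clients whose login the server never approved. The record format, field names, and the use of source IP as a stand-in for a session are assumptions, and the log lines are constructed.

```python
import json

DEVICE_PORT = 58746          # port of the embedded web server, per the advisory text
LOGIN_PATH = "/LoginCB"
PROTECTED_PATHS = {
    "/Technostrobe/surveillance_generale.html",
    "/Config/index_config.html",
}

# Constructed sample input: one JSON record per HTTP transaction (assumed sensor format).
# "resp" holds the server's original JSON reply as seen on the wire, when there is one.
SAMPLE_LOG = """
{"ts": "2026-04-06T10:00:01Z", "src": "10.0.5.20", "dport": 58746, "method": "POST", "path": "/LoginCB", "resp": {"auth": true}}
{"ts": "2026-04-06T10:00:03Z", "src": "10.0.5.20", "dport": 58746, "method": "GET", "path": "/Config/index_config.html", "resp": null}
{"ts": "2026-04-06T11:14:40Z", "src": "192.0.2.77", "dport": 58746, "method": "POST", "path": "/LoginCB", "resp": {"auth": false}}
{"ts": "2026-04-06T11:14:42Z", "src": "192.0.2.77", "dport": 58746, "method": "GET", "path": "/Config/index_config.html", "resp": null}
{"ts": "2026-04-06T12:30:00Z", "src": "198.51.100.9", "dport": 58746, "method": "GET", "path": "/Technostrobe/surveillance_generale.html", "resp": null}
{"ts": "2026-04-06T12:31:00Z", "src": "198.51.100.9", "dport": 443, "method": "GET", "path": "/Config/index_config.html", "resp": null}
"""

def find_unauthenticated_access(log_text):
    """Return alerts for protected-page requests not preceded by a server-approved login."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records.sort(key=lambda r: r["ts"])  # ISO 8601 UTC timestamps sort chronologically
    login_ok = {}  # src IP -> did the server's last /LoginCB reply say auth:true?
    alerts = []
    for r in records:
        if r["dport"] != DEVICE_PORT:
            continue  # not traffic to the controller's web interface
        path = r["path"].split("?", 1)[0]  # ignore any query string
        if r["method"] == "POST" and path == LOGIN_PATH:
            resp = r.get("resp") or {}
            login_ok[r["src"]] = resp.get("auth") is True
        elif path in PROTECTED_PATHS and login_ok.get(r["src"]) is not True:
            # Assumption: source IP approximates a session; NAT can merge clients.
            reason = "login_rejected" if r["src"] in login_ok else "no_login_seen"
            alerts.append({"ts": r["ts"], "src": r["src"], "path": path, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_unauthenticated_access(SAMPLE_LOG):
        print(alert)
```

Because the sensor records the server's reply before any client-side modification, a `login_rejected` alert means the server answered `"auth": false` and the same client went on to request a protected page anyway.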