CVE-2026-5570
Received Received - Intake
Improper Authentication in Technostrobe HI-LED-WR120-G2 Remote Access

Publication date: 2026-04-05

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-05
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5570
EUVD
EUVD-2026-19089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
technostrobe hi-led-wr120-g2_firmware 5.5.0.1r6.03.30
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Technostrobe HI-LED-WR120-G2 allows attackers to bypass authentication and remotely control obstruction lighting, which poses a serious aviation safety risk by potentially causing lights to go dark or display incorrect patterns. This can lead to non-compliance with aviation safety regulations such as ICAO Annex 14 – Aerodrome Design and Operations (Obstacle Lighting).

While the CVE description and resources do not explicitly mention compliance with data protection standards like GDPR or HIPAA, the improper authentication and lack of server-side session validation represent a failure to secure access to critical infrastructure, which could indirectly impact regulatory compliance related to operational safety and security.

Specifically, the risk of tampering with obstruction lighting can cause regulatory compliance issues in aviation safety standards, but there is no direct information about impacts on privacy or data protection regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-5570 is an authentication bypass vulnerability in the Technostrobe HI-LED-WR120-G2 tower obstruction lighting controller, which manages aviation safety lights on tall structures.

The device runs an embedded web server with a flawed authentication mechanism that relies solely on client-side enforcement. The server returns a JSON response indicating authentication success or failure, but does not enforce authentication server-side or validate sessions.

Attackers can intercept and modify the HTTP response (for example, changing "auth": false to "auth": true) using a proxy tool, tricking the client into granting access without valid credentials.

  • Config Panel Bypass: Intercept and modify login response to gain full access to configuration.
  • Direct Access to Surveillance Dashboard: Access certain pages without any authentication.
  • Light Control Board Bypass: Modify responses to control critical light functions remotely.

This vulnerability exists because the device uses an insecure authentication model with no server-side session management, relying only on client-side JavaScript to enforce access control.

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized access to the lighting controller without credentials.

They can remotely control critical functions such as flash patterns, flash rate, intensity, and synchronization of obstruction lights.

This can cause the lights to go dark, display incorrect patterns, or become unsynchronized, creating serious aviation safety hazards by increasing the risk of aircraft collisions with towers.

Additionally, unauthorized changes can disrupt regulatory compliance related to obstruction lighting.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for POST requests to the /LoginCB endpoint on the device's embedded web server, which typically runs on port 58746.

Using a proxy tool like Burp Suite, intercept the POST /LoginCB response and check if the JSON response contains an "auth" field that can be manipulated from false to true, indicating improper server-side authentication enforcement.

Additionally, attempt direct access to URLs such as /Technostrobe/surveillance_generale.html or /Config/index_config.html on the device without authentication to verify if access is granted improperly.

  • Use curl or similar tools to test access without authentication, for example: curl -v http://<device-ip>:58746/Technostrobe/surveillance_generale.html
  • Use a proxy tool (e.g., Burp Suite) to intercept and modify POST /LoginCB responses to test if authentication can be bypassed by changing the JSON response from {"auth":false} to {"auth":true}.
Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected device's web interface, especially blocking access to port 58746 from untrusted networks.

Use network segmentation and firewall rules to limit who can reach the device and its management interface.

Monitor and log access attempts to detect suspicious activity, such as attempts to access protected URLs without authentication.

If possible, disable remote management or restrict it to trusted IP addresses until a proper patch or fix is available.

Long term, the vendor should implement server-side authentication enforcement with session management, but until then, network-level controls are critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5570. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart