CVE-2026-5572
Cross-Site Request Forgery in Technostrobe HI-LED-WR120-G
Publication date: 2026-04-05
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| technostrobe | hi-led-wr120-g2_firmware | 5.5.0.1r6.03.30 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5572 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the Technostrobe HI-LED-WR120-G2 obstruction light controller firmware version 5.5.0.1R6.03.30. This vulnerability allows an attacker to remotely change the device's admin password without any authentication or user interaction.
The vulnerability exists because the password change function is accessible via an unauthenticated POST request to the /LoginCB endpoint. The device lacks all standard CSRF protections such as synchronizer tokens, SameSite cookie attributes, Origin or Referer header validation, and does not require the current password to confirm changes.
An attacker can exploit this by hosting a malicious webpage that automatically submits a hidden form to the device's password change endpoint, changing the admin password silently when a victim visits the page. This allows the attacker to gain full control over the device remotely.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to take full control of the Technostrobe HI-LED-WR120-G2 device remotely without authentication.
- The attacker can change the admin password silently, locking out legitimate users.
- Once in control, the attacker can manipulate the device's settings, potentially disrupting critical obstruction lighting systems.
- The attack can be executed remotely via phishing or malicious web pages, making it easy to exploit even if the attacker cannot directly access the device due to firewall restrictions.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the device's password change endpoint `/LoginCB`. Specifically, look for POST requests that include parameters such as `updatePassword=0`, `userId=1` or `3`, and a `newPassword` value encoded in base64.
Network administrators can use tools like curl or packet capture utilities to test or detect such requests.
- Use curl to simulate a POST request to the vulnerable endpoint: curl -X POST http://<device-ip>/LoginCB -d "updatePassword=0&userId=1&newPassword=aGFja2VkIQ=="
- Use network monitoring tools (e.g., Wireshark or tcpdump) to capture and analyze HTTP POST traffic to `/LoginCB` on the device.
- Check web server logs on the device for unauthenticated POST requests to `/LoginCB` that attempt to change passwords.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing protections against CSRF attacks and restricting unauthorized password changes.
- Implement CSRF tokens by generating a per-session random token, embedding it as a hidden field in the password change form, and validating it server-side on POST requests.
- Set the `SameSite=Strict` attribute on session cookies to prevent cross-origin cookie sending.
- Validate the `Origin` header on incoming requests to ensure they originate from the deviceβs own domain.
- Require the current password to be provided and verified before allowing a password change.
Since the vendor has not responded, consider isolating the device from untrusted networks and monitoring for suspicious activity until a patch or update is available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-5572 is a critical Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated remote attackers to change the admin password on the Technostrobe HI-LED-WR120-G2 device. This can lead to unauthorized access and control over the device.
Such unauthorized access and control could potentially lead to violations of common security requirements found in standards and regulations like GDPR and HIPAA, which mandate protection of systems against unauthorized access and ensuring integrity and confidentiality of data and systems.
However, the provided information does not explicitly discuss or analyze the direct impact of this vulnerability on compliance with these standards or regulations.