CVE-2026-5573: Technostrobe HI-LED Unrestricted Upload (HIGH)
Platform
linux
Component
technostrobe-hi-led-wr120-g2
CVE-2026-5573 describes an unrestricted file upload vulnerability affecting the Technostrobe HI-LED-WR120-G2 device running version 5.5.0.1R6.03.30. Successful exploitation allows an attacker to upload arbitrary files to the system, potentially leading to code execution and system compromise. The vulnerability resides within the /fs file and can be triggered remotely by manipulating the 'cwd' argument. A public exploit is available, and the vendor has not responded to disclosure attempts.
How to fix
Actualice el dispositivo Technostrobe HI-LED-WR120-G2 a una versión corregida que solucione la vulnerabilidad de carga no restringida. Dado que el proveedor no ha respondido, se recomienda contactar directamente a Technostrobe para obtener información sobre actualizaciones o soluciones alternativas. Implemente medidas de seguridad adicionales, como firewalls y sistemas de detección de intrusos, para mitigar el riesgo.
Frequently asked questions
What is CVE-2026-5573?
CVE-2026-5573 is a vulnerability in the Technostrobe HI-LED-WR120-G2 device (version 5.5.0.1R6.03.30) that allows attackers to upload files without restriction. This can be exploited remotely via the /fs file by manipulating the 'cwd' argument.
Am I affected by CVE-2026-5573?
You are potentially affected if you are using the Technostrobe HI-LED-WR120-G2 device with firmware version 5.5.0.1R6.03.30. The vulnerability can be exploited remotely, so any device accessible over a network is at risk.
How can I fix or mitigate CVE-2026-5573?
No official patch is currently available from the vendor. Mitigation strategies may include isolating the device from the network or implementing strict file upload validation if possible, though these are not guaranteed to prevent exploitation.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free