CVE-2026-5574: Technostrobe HI-LED Unauthorized File Deletion
Platform
linux
Component
technostrobe-hi-led-wr120-g2
CVE-2026-5574 describes a security flaw in the Technostrobe HI-LED-WR120-G2 device, specifically within the FsBrowseClean component. This vulnerability allows for unauthorized deletion of files due to a missing authorization check when manipulating the directory path argument in the deletefile function. The vulnerability affects version 5.5.0.1R6.03.30 and the exploit has been publicly disclosed, with no response from the vendor.
How to fix
Actualizar el dispositivo HI-LED-WR120-G2 a una versión corregida por el fabricante. Debido a la falta de respuesta del proveedor, se recomienda contactar directamente a Technostrobe para obtener información sobre actualizaciones de seguridad o soluciones alternativas. Hasta que se disponga de una actualización, se recomienda restringir el acceso a la función deletefile y monitorear el dispositivo en busca de actividad sospechosa.
Frequently asked questions
What is CVE-2026-5574?
CVE-2026-5574 is a security vulnerability affecting the Technostrobe HI-LED-WR120-G2 device (version 5.5.0.1R6.03.30). It allows a remote attacker to delete files without proper authorization due to a flaw in the FsBrowseClean component's deletefile function.
Am I affected by CVE-2026-5574?
You are potentially affected if you are using the Technostrobe HI-LED-WR120-G2 device with firmware version 5.5.0.1R6.03.30. The vulnerability is remotely exploitable and has been publicly disclosed.
How can I fix or mitigate CVE-2026-5574?
Currently, no official patch is available from the vendor. Mitigation strategies may include network segmentation to restrict access to the device or implementing strict access controls, though these may not fully prevent exploitation.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free