Platform
other
Component
technostrobe-hi-led-wr120-g2
Fixed in
5.5.1
A cross-site request forgery (CSRF) vulnerability has been identified in the Technostrobe HI-LED-WR120-G2 firmware version 5.5.0.1R6.03.30. This flaw allows a remote attacker to potentially execute unauthorized actions on the device without the user's knowledge. The vulnerability's impact is amplified by the availability of a public exploit. Due to a lack of vendor response, mitigation strategies are currently limited.
The CSRF vulnerability allows an attacker to craft malicious requests that appear to originate from a legitimate user, tricking the HI-LED-WR120-G2 into performing actions it wouldn't normally. This could include unauthorized configuration changes, potentially granting the attacker control over the device's functionality. Given the public availability of an exploit, the risk of exploitation is significantly elevated. The blast radius extends to any system or network relying on the HI-LED-WR120-G2, as a successful attack could compromise its operation and potentially expose connected systems.
The vulnerability is publicly disclosed and an exploit is available, indicating a high probability of exploitation. The CVE was published on 2026-04-05. The lack of vendor response raises concerns about the device's security posture and the potential for continued exploitation. The EPSS score is likely to be Medium or High given the public exploit and lack of vendor action.
Exploit Status
EPSS
0.01% (0% percentile)
CISA SSVC
CVSS Vector
Due to the lack of a vendor-provided patch, immediate mitigation options are limited. Network segmentation can help isolate the HI-LED-WR120-G2 from critical systems, reducing the potential impact of a successful attack. Implementing strict access controls and user authentication measures can also help prevent unauthorized access. Monitoring network traffic for suspicious requests targeting the device is crucial. Consider using a Web Application Firewall (WAF) to filter out potentially malicious requests. Regularly review device configurations to identify and correct any misconfigurations that could exacerbate the vulnerability. Verification: After implementing these controls, monitor device logs for any unusual activity.
Due to the lack of response from the vendor, it is recommended to disconnect the device from the network until a security update is published. Monitor Technostrobe's official channels for information on potential patches or workarounds. Implement additional security measures, such as network segmentation, to mitigate the risk of exploitation.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5572 is a cross-site request forgery vulnerability affecting Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30, allowing remote attackers to perform unauthorized actions.
You are affected if you are using Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 and have not implemented compensating controls.
A vendor patch is not currently available. Implement network segmentation, access controls, and monitor device logs as interim mitigations.
Yes, a public exploit exists, indicating a high probability of active exploitation.
Due to lack of vendor response, an official advisory is currently unavailable. Monitor Technostrobe's website for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.