Platform
linux
Component
technostrobe-hi-led-wr120-g2
Fixed in
5.5.1
CVE-2026-5574 describes a security flaw in the Technostrobe HI-LED-WR120-G2 device, specifically within the FsBrowseClean component. This vulnerability allows for unauthorized deletion of files due to a missing authorization check when manipulating the directory path argument in the deletefile function. The vulnerability affects version 5.5.0.1R6.03.30 and the exploit has been publicly disclosed, with no response from the vendor.
A critical security vulnerability has been detected in the Technostrobe HI-LED-WR120-G2 device, specifically version 5.5.0.1R6.03.30. The vulnerability, cataloged as CVE-2026-5574, resides in the deletefile function of the FsBrowseClean component. This authorization failure allows a remote attacker to delete arbitrary files on the device by manipulating the dir/path argument. The CVSS score of 6.5 indicates a moderate risk, but the public disclosure of the exploit and the lack of response from the vendor significantly increase the urgency of addressing this issue. The absence of a provided fix by Technostrobe leaves users exposed to potential attacks and data loss. Users are strongly advised to evaluate alternatives or implement additional security measures until an update is released.
The CVE-2026-5574 vulnerability in the HI-LED-WR120-G2 allows for remote code execution through manipulation of the dir/path argument in the deletefile function. An attacker can send a specially crafted request to the device, tricking the FsBrowseClean component into deleting files it would not normally have permission to delete. The public disclosure of the exploit facilitates its use by malicious actors, increasing the risk of attacks. The lack of proper authentication or authorization within the deletefile function is the root cause of this vulnerability. The remote nature of the attack means an attacker does not need physical access to the device to exploit it. The vendor's lack of response exacerbates the situation, as users have no official solution available.
Exploit Status
EPSS
0.02% (4% percentile)
CISA SSVC
CVSS Vector
Given that Technostrobe has not provided a fix for CVE-2026-5574, mitigation options are limited and require a proactive approach. Network segmentation, restricting access to the HI-LED-WR120-G2 device from untrusted networks, is an essential measure. Monitoring network activity for suspicious patterns, such as unauthorized file deletion requests, can help detect and respond to potential attacks. Consider disconnecting the device from the network if it is not absolutely necessary. Furthermore, it is recommended to maintain a detailed log of all important files to facilitate recovery in the event of an incident. The vendor’s lack of response underscores the importance of implementing these preventative security measures.
Actualizar el dispositivo HI-LED-WR120-G2 a una versión corregida por el fabricante. Debido a la falta de respuesta del proveedor, se recomienda contactar directamente a Technostrobe para obtener información sobre actualizaciones de seguridad o soluciones alternativas. Hasta que se disponga de una actualización, se recomienda restringir el acceso a la función deletefile y monitorear el dispositivo en busca de actividad sospechosa.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for this security vulnerability.
Currently, there is no publicly available information regarding the reason for the vendor’s lack of response. Contacting Technostrobe directly is recommended for further information.
Implement additional security measures, such as network segmentation and network activity monitoring.
Depending on your needs, there may be. Research devices from other vendors that provide timely security updates.
Monitor security websites and mailing lists for information regarding Technostrobe’s security updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.