| Título | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control |
|---|
| Descripción | The embedded web interface fails to enforce proper access control on administrative endpoints. Sensitive resources are directly accessible without authentication.
Affected Endpoints Example:
/Technostrobe/
│ ├── surveillance_generale.html ← [0.1] Open to all
│ ├── surveillance_psu.html ← [0.2] Open to all
│ ├── configPassword.html ← [0.3] Change passwords
│ └── alarmConfig.html ← [0.4] Tamper alarms
│
└── /LoginCB (POST) ← [0.5] Change ANY password
1
Host: <target>
Accessing protected pages does not require a valid session or authentication token. The server responds with full administrative interface content.
Root Cause:
The application does not validate authentication state on protected routes. Authorization checks are either missing or improperly implemented at the server level.
Impact:
An unauthenticated attacker can:
Access administrative interface
View system configuration
Interact with device controls
This vulnerability allows full system interaction without credentials. |
|---|
| Fuente | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md |
|---|
| Usuario | shiky8 (UID 96565) |
|---|
| Sumisión | 2026-03-20 01:08 (hace 20 días) |
|---|
| Moderación | 2026-04-04 16:41 (16 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 355339 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Endpoint /Technostrobe/ escalada de privilegios] |
|---|
| Puntos | 20 |
|---|