| タイトル | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control |
|---|
| 説明 | The embedded web interface fails to enforce proper access control on administrative endpoints. Sensitive resources are directly accessible without authentication.
Affected Endpoints Example:
/Technostrobe/
│ ├── surveillance_generale.html ← [0.1] Open to all
│ ├── surveillance_psu.html ← [0.2] Open to all
│ ├── configPassword.html ← [0.3] Change passwords
│ └── alarmConfig.html ← [0.4] Tamper alarms
│
└── /LoginCB (POST) ← [0.5] Change ANY password
1
Host: <target>
Accessing protected pages does not require a valid session or authentication token. The server responds with full administrative interface content.
Root Cause:
The application does not validate authentication state on protected routes. Authorization checks are either missing or improperly implemented at the server level.
Impact:
An unauthenticated attacker can:
Access administrative interface
View system configuration
Interact with device controls
This vulnerability allows full system interaction without credentials. |
|---|
| ソース | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md |
|---|
| ユーザー | shiky8 (UID 96565) |
|---|
| 送信 | 2026年03月20日 01:08 (21 日 ago) |
|---|
| モデレーション | 2026年04月04日 16:41 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355339 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Endpoint /Technostrobe/ 特権昇格] |
|---|
| ポイント | 20 |
|---|