| Title | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control |
|---|
| Description | The embedded web interface fails to enforce proper access control on administrative endpoints. Sensitive resources are directly accessible without authentication.
Affected Endpoints Example:
/Technostrobe/
│ ├── surveillance_generale.html ← [0.1] Open to all
│ ├── surveillance_psu.html ← [0.2] Open to all
│ ├── configPassword.html ← [0.3] Change passwords
│ └── alarmConfig.html ← [0.4] Tamper alarms
│
└── /LoginCB (POST) ← [0.5] Change ANY password
1
Host: <target>
Accessing protected pages does not require a valid session or authentication token. The server responds with full administrative interface content.
Root Cause:
The application does not validate authentication state on protected routes. Authorization checks are either missing or improperly implemented at the server level.
Impact:
An unauthenticated attacker can:
Access administrative interface
View system configuration
Interact with device controls
This vulnerability allows full system interaction without credentials. |
|---|
| Source | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md |
|---|
| User | shiky8 (UID 96565) |
|---|
| Submission | 20/03/2026 01h08 (22 days ago) |
|---|
| Moderation | 04/04/2026 16h41 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 355339 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Endpoint /Technostrobe/ Privilege Escalation] |
|---|
| Points | 20 |
|---|