| Title | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control |
|---|
| Description | The embedded web interface fails to enforce proper access control on administrative endpoints. Sensitive resources are directly accessible without authentication.
Affected Endpoints Example:
/Technostrobe/
│ ├── surveillance_generale.html ← [0.1] Open to all
│ ├── surveillance_psu.html ← [0.2] Open to all
│ ├── configPassword.html ← [0.3] Change passwords
│ └── alarmConfig.html ← [0.4] Tamper alarms
│
└── /LoginCB (POST) ← [0.5] Change ANY password
Host: <target>
Accessing protected pages does not require a valid session or authentication token. The server responds with full administrative interface content.
Root Cause:
The application does not validate authentication state on protected routes. Authorization checks are either missing or improperly implemented at the server level.
Impact:
An unauthenticated attacker can:
Access the administrative interface
View system configuration
Interact with device controls
This vulnerability allows full system interaction without credentials. |
|---|
| Source | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md |
|---|
| User | shiky8 (UID 96565) |
|---|
| Submission | 03/20/2026 01:08 (18 days ago) |
|---|
| Moderation | 04/04/2026 16:41 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355339 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Endpoint /Technostrobe/ access control] |
|---|
| Points | 20 |
|---|
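
The root cause above is a missing server-side check of authentication state on protected routes. The following is an added example, not the vendor's firmware and not code from the advisory: a deny-by-default WSGI gate that checks a signed, expiring session token before any handler runs. The login page path, the token format, the key and the TTL are assumptions made for illustration; the other paths are the ones listed in the description.

```python
import hashlib, hmac, time

SECRET = b"constructed-demo-key"   # assumption: a random per-device key in practice
SESSION_TTL = 900                  # seconds a session stays valid (assumed value)
# Hypothetical login page; every other method/path pair is denied by default.
PUBLIC = {("GET", "/Technostrobe/login.html")}

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    """Return 'user:expiry:mac' after a successful login (login itself not shown)."""
    exp = int((time.time() if now is None else now) + SESSION_TTL)
    body = f"{user}:{exp}"
    return f"{body}:{_mac(body)}"

def valid_token(token, now=None):
    """True only for an unexpired token whose MAC verifies."""
    try:
        user, exp, mac = token.rsplit(":", 2)
        expiry = int(exp)
    except (AttributeError, ValueError):   # missing cookie or malformed token
        return False
    fresh = expiry > (time.time() if now is None else now)
    return hmac.compare_digest(mac.encode(), _mac(f"{user}:{exp}").encode()) and fresh

def require_session(app):
    """WSGI middleware: check authentication state before any handler runs."""
    def gate(environ, start_response):
        route = (environ.get("REQUEST_METHOD", "GET"), environ.get("PATH_INFO", "/"))
        pairs = (c.strip().split("=", 1) for c in environ.get("HTTP_COOKIE", "").split(";"))
        token = {p[0]: p[1] for p in pairs if len(p) == 2}.get("session")
        if route not in PUBLIC and not valid_token(token):
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required"]
        return app(environ, start_response)
    return gate

def device_ui(environ, start_response):
    """Stand-in for the device's page handlers (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"administrative interface"]

def status_for(method, path, cookie=""):
    """Send one constructed request through the gate and return the status line."""
    seen = []
    env = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie}
    require_session(device_ui)(env, lambda status, headers: seen.append(status))
    return seen[0]
```

Because the gate matches an allowlist of public routes rather than a blocklist of protected ones, a page added later is protected unless someone explicitly opens it.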