| tiêu đề | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control |
|---|
| Mô tả | The embedded web interface fails to enforce proper access control on administrative endpoints. Sensitive resources are directly accessible without authentication.
Affected Endpoints Example:
/Technostrobe/
│ ├── surveillance_generale.html ← [0.1] Open to all
│ ├── surveillance_psu.html ← [0.2] Open to all
│ ├── configPassword.html ← [0.3] Change passwords
│ └── alarmConfig.html ← [0.4] Tamper alarms
│
└── /LoginCB (POST) ← [0.5] Change ANY password
1
Host: <target>
Accessing protected pages does not require a valid session or authentication token. The server responds with full administrative interface content.
Root Cause:
The application does not validate authentication state on protected routes. Authorization checks are either missing or improperly implemented at the server level.
Impact:
An unauthenticated attacker can:
Access administrative interface
View system configuration
Interact with device controls
This vulnerability allows full system interaction without credentials. |
|---|
| Nguồn | ⚠️ https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md |
|---|
| Người dùng | shiky8 (UID 96565) |
|---|
| Đệ trình | 20/03/2026 01:08 (cách đây 29 ngày) |
|---|
| Kiểm duyệt | 04/04/2026 16:41 (16 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 355339 [Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30 Endpoint /Technostrobe/ nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|