CVE-2026-5569
Published: 05 April 2026
Summary
CVE-2026-5569 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Technostrobe Hi-Led-Wr120-G2 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved access control policies to prevent unauthorized remote access to the vulnerable endpoint function due to improper controls.
Implements boundary protections to monitor and control inbound remote communications, blocking unauthenticated exploitation of the access control vulnerability.
Enables monitoring of systems for unauthorized access or anomalous activity indicative of exploitation of the publicly disclosed improper access controls.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remotely exploitable improper access control issue (no authentication required) in a network-exposed endpoint component, directly enabling T1190 for initial access via public-facing application exploitation.
NVD Description
A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made…
more
public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-5569 is a vulnerability involving improper access controls (CWE-266 and CWE-284) in an unknown function within the /Technostrobe/ file of the Endpoint component in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. It has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated as high severity. Multiple endpoints running this firmware are affected.
The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, such as unauthorized access to certain functions due to broken access controls.
Advisories from VulDB and a related GitHub repository detail the issue but note no vendor response despite early contact, with no patches or mitigations provided. The exploit has been publicly disclosed and is available for use, as referenced in the GitHub proof-of-concept and VulDB entries. Security practitioners should isolate affected devices and monitor for exploitation attempts until further vendor guidance emerges.
Details
- CWE(s)