Cyber Posture

CVE-2026-5570

High · Public PoC · Updated

Published: 05 April 2026

Modified: 30 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0041 (61.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5570 is a high-severity Improper Authentication (CWE-287) vulnerability in Technostrobe Hi-Led-Wr120-G2 Firmware. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 38.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires robust identification and authentication mechanisms for users accessing the /LoginCB function, directly preventing improper authentication bypass in the device firmware.

prevent

Enforces approved authorizations following authentication, blocking unauthorized remote manipulation of the index_config function despite the vulnerability.

prevent

Mandates timely identification, reporting, and remediation of the improper authentication flaw, addressing the lack of a vendor patch for this publicly disclosed CVE.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an improper authentication bypass in a public-facing web interface (/LoginCB), directly enabling remote unauthenticated exploitation of a public-facing application for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis · AI

CVE-2026-5570 is an improper authentication vulnerability (CWE-287) in the Technostrobe HI-LED-WR120-G2 device running firmware version 5.5.0.1R6.03.30. The issue affects the index_config function in the /LoginCB file, enabling manipulation that bypasses authentication mechanisms.

The vulnerability allows remote exploitation by unauthenticated attackers (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N), as reflected in its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Attackers can achieve limited impacts on confidentiality, integrity, and availability through authentication bypass.

Advisories referenced in VulDB entries and a GitHub repository describe the vulnerability and include a publicly disclosed exploit. The vendor was contacted early regarding disclosure but provided no response or mitigation guidance.

The exploit has been publicly disclosed and may be utilized, with no vendor patch available as of publication on 2026-04-05.

Details

CWE(s)

Affected Products

technostrobe
hi-led-wr120-g2 firmware
5.5.0.1r6.03.30

CVEs Like This One

CVE-2026-5569 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5574 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5573 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5571 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2025-65128 · Shared CWE-287
CVE-2026-34121 · Shared CWE-287
CVE-2024-53704 · Shared CWE-287
CVE-2026-21881 · Shared CWE-287
CVE-2026-33716 · Shared CWE-287
CVE-2025-27422 · Shared CWE-287

References