Cyber Posture

CVE-2026-5574

Medium · Public PoC

Published: 05 April 2026

Modified: 01 May 2026
KEV Added
Patch
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
EPSS Score: 0.0005 (17.0th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5574 is a medium-severity Missing Authorization (CWE-862) vulnerability in Technostrobe Hi-Led-Wr120-G2 Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 17.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

AC-3 mandates enforcement of approved authorizations for access to system resources like files, directly addressing the missing authorization check in the deletefile function.

prevent

AC-14 explicitly prohibits unauthorized actions such as remote file deletion without identification or authentication, countering the PR:N exploitation vector.

prevent · recover

SI-2 requires timely identification, reporting, and remediation of flaws like this missing authorization vulnerability in the FsBrowseClean component.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1070.004 File Deletion · Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.

Why these techniques?

The missing authorization vulnerability in the public-facing deletefile function directly enables remote unauthenticated exploitation of the application (T1190) and facilitates unauthorized file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis · AI

CVE-2026-5574 is a missing authorization vulnerability affecting the deletefile function within the FsBrowseClean component of Technostrobe HI-LED-WR120-G2 firmware version 5.5.0.1R6.03.30. The issue arises from improper handling of the dir/path argument, allowing bypass of authorization checks. Published on 2026-04-05, it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) and maps to CWE-862 (Missing Authorization) and CWE-863 (Incorrect Authorization).

The vulnerability enables remote exploitation by unauthenticated attackers (PR:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation results in limited impacts to integrity (I:L) and availability (A:L), with no confidentiality loss (C:N), potentially allowing unauthorized file deletion on the affected device.

Advisories from VulDB (vuln/355344) and a GitHub repository detail the public disclosure of an exploit, noting it may be actively used. The vendor was contacted early regarding the issue but provided no response, and no patches or official mitigations are referenced in the available sources.

Details

CWE(s)

Affected Products

technostrobe
hi-led-wr120-g2 firmware
5.5.0.1r6.03.30

CVEs Like This One

CVE-2026-5569 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5570 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5571 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2026-5573 · Same product: Technostrobe Hi-Led-Wr120-G2
CVE-2025-14457 · Shared CWE-862
CVE-2025-26853 · Shared CWE-862, CWE-863
CVE-2025-15406 · Shared CWE-862, CWE-863
CVE-2024-12810 · Shared CWE-862
CVE-2024-12920 · Shared CWE-862
CVE-2026-40189 · Shared CWE-862
