{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5572","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-04-04T14:41:11.268Z","datePublished":"2026-04-05T14:00:18.156Z","dateUpdated":"2026-04-06T14:50:35.442Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-04-05T14:00:18.156Z"},"title":"Technostrobe HI-LED-WR120-G2 cross-site request forgery","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-352","lang":"en","description":"Cross-Site Request Forgery"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"Missing Authorization"}]}],"affected":[{"vendor":"Technostrobe","product":"HI-LED-WR120-G2","versions":[{"version":"5.5.0.1R6.03.30","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-04-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-04-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-04-04T16:46:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"shiky8 (VulDB User)","type":"reporter"},{"lang":"en","value":"VulDB CNA Team","type":"coordinator"}],"references":[{"url":"https://vuldb.com/vuln/355342","name":"VDB-355342 | Technostrobe HI-LED-WR120-G2 cross-site request forgery","tags":["vdb-entry"]},{"url":"https://vuldb.com/vuln/355342/cti","name":"VDB-355342 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/783325","name":"Submit #783325 | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Cross-Site Request Forgery (CSRF)","tags":["third-party-advisory"]},{"url":"https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-04-CSRF.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-06T14:46:35.004535Z","id":"CVE-2026-5572","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-06T14:50:35.442Z"}}]}}