CVE-2026-5572
CWE-352Published: April 5, 2026· Updated: Apr 7, 2026
Official Description
A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Analysis
CVE-2026-5572 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
News & Research Mentioning CVE-2026-5572
View CSAF Summary Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware Studio Firmware Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477) CVSS Vendor Equipment Vulnerabilities v3 10 Gardyn Gardyn IoT Hub Use of Hard-coded Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improper Neutralization of HTTP Headers for Scripting Syntax Background Critical Infrastructure Sectors: Food and Agriculture Countries/Areas Deployed: United States Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-13768 Gardyn devices expose a privi [xlite_meta score:73 src:CISA Alerts xlite_fp:36e177a9fd1834613f5cafee0a325c4ab45907b8f24b540e5e04b99b07afc766]
View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator Virtual Machine <8.0.4.22 (CVE-2026-56415, CVE-2026-55721, CVE-2026-50040) Storage Concentrator <8.0.4.26 (CVE-2026-50110) Storage Concentrator Virtual Machine <8.0.4.26 (CVE-2026-50110) Storage Concentrator <8.0.4.29 (CVE-2026-56413) Storage Concentrator Virtual Machine <8.0.4.29 (CVE-2026-56413) CVSS Vendor Eq [xlite_meta score:79 src:CISA Alerts xlite_fp:2f8559e4452f6c57151c549e0f027fd86b762c9dc4733bdd8bd7e1a17a2216f7]
All References (4)
Quick Facts
Related CVEs (CWE-352)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-5572 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts