Filtered by vendor Tinycontrol
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54327 | 1 Tinycontrol | 1 Lan Controller | 2026-01-05 | 7.5 High |
| Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials. | ||||
| CVE-2023-53739 | 1 Tinycontrol | 1 Lan Controller | 2025-12-12 | N/A |
| Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication. | ||||
| CVE-2023-7329 | 1 Tinycontrol | 1 Lan Controller | 2025-11-14 | N/A |
| Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss. | ||||
Page 1 of 1.