Tinycontrol Lan Controller vulnerabilities
2 known vulnerabilities affecting tinycontrol/lan_controller.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2023-54327 | P2 | CRITICAL | CVSS 9.8 | CWE-862 | vHW 3.8 | ≥ Unknown, ≤ 1.58a | 2025-12-30
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
Source: nvd
CVE-2023-7329 | P2 | HIGH | CVSS 8.7 | CWE-306 | ≤ 1.58a | 2025-11-12
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
Source: nvd