Vulnerability in Tinycontrol Lk

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin fil…

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

Affected products

Tinycontrol Lk — versions <=1.58a, HW 3.8
Tinycontrol Lan Controller V — versions <=1.58a, HW 3.8

Weakness classification (CWE)

CWE-260

References

ExploitDB-51731 (exploit)
Tinycontrol Product Homepage (product)
Zero Science Lab Advisory ID (vendor-advisory)
VulnCheck Advisory: Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure (third-party-advisory)