Auth bypass in Tinycontrol Lan Controller

CVE-2023-7329

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the d…

Vulnerability class: Broken Authentication

EPSS: 0.008 (52.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References