Auth bypass in Tinycontrol Lan Controller
CVE-2023-7329
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the d…
Vulnerability class: Broken Authentication
EPSS: 0.008 (52.6th percentile)
Affected products
- Tinycontrol Lan Controller — versions 0
Weakness classification (CWE)