Vulnerability in Tinycontrol Lan Kontroler V3.5

CVE-2025-15587

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has be…

EPSS: 0.000 (11.2th percentile) — read the EPSS interpretation.

Affected products

Tinycontrol Lan Kontroler V3.5 — versions 0
Tinycontrol Lk3.9 — versions 0
Tinycontrol Lk4 — versions 0
Tinycontrol Tcpdu — versions 0

Weakness classification (CWE)

CWE-425 — Direct Request (Forced Browsing)

References

cvd@cert.pl (third-party-advisory)
cvd@cert.pl (release-notes)
cvd@cert.pl (release-notes)
cvd@cert.pl (release-notes)
cvd@cert.pl (release-notes)