2 matches found
CVE-2025-11500
CVE-2025-11500 affects Tinycontrol devices (tcPDU; LK3.5, LK3.9, LK4). When the secondary authentication (protecting non-interface resources) is disabled (default), an unauthenticated attacker on the local network can read the login page response and access a JSON payload containing usernames and...
CVE-2025-11500 Credentials exposure in tinycontrol devices
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...