CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...

CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...

Tinycontrol LAN Controller 安全漏洞

Tinycontrol LAN Controller is a building automation controller from Tinycontrol Poland. A security vulnerability exists in Tinycontrol LAN Controller version 1.58a, which stems from an authentication bypass that could lead to modification of administrator credentials...

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 (version 1.58a) exposes an unauthenticated vulnerability that allows remote attackers to download configuration backup files (lk3_settings.bin) and extract base64-encoded user and admin passwords. Root cause appears to be improper access control on backups, leadi...

CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

CVE-2023-7329

Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...

Tinycontrol LAN Controller 3 Remote Credential Extraction Exploit

!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...

Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change

Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...

Tinycontrol LAN Controller v3 (LK3) Remote Denial Of Service Exploit

Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...