42 matches found
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2023-53739
Tinycontrol LAN Controller v3 LK3 (version 1.58a) exposes an unauthenticated vulnerability that allows remote attackers to download configuration backup files (lk3_settings.bin) and extract base64-encoded user and admin passwords. Root cause appears to be improper access control on backups, leadi...
CVE-2023-53739 Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
PT-2025-50266
Name of the Vulnerable Software and Affected Versions Tinycontrol LAN Controller v3 LK3 version 1.58a Description The Tinycontrol LAN Controller v3 LK3 version 1.58a has an issue that allows remote attackers to download configuration backup files containing sensitive credentials without...
Tinycontrol LAN Controller 安全漏洞
Tinycontrol LAN Controller is a building automation controller from Tinycontrol Poland. A security vulnerability exists in Tinycontrol LAN Controller v3 LK3 version 1.58a, which originates from unauthorized access and could lead to credential disclosure...
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2023-7329
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2023-7329
Summary: Tinycontrol LAN Controller v3 LK3 firmware up to 1.58a (HW v3.8) has a missing authentication vulnerability in the stm.cgi endpoint. An unauthenticated, remote attacker can send crafted requests to reboot the device or restore factory settings, causing DoS and configuration loss (no publ...
CVE-2023-7329 Tinycontrol LAN Controller v3 (LK3) Remote DoS
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
CVE-2023-7329 Tinycontrol LAN Controller v3 (LK3) Remote DoS
Tinycontrol LAN Controller v3 LK3 firmware versions up to 1.58a hardware v3.8 contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of...
Tinycontrol LAN Controller 安全漏洞
Tinycontrol LAN Controller is a building automation controller from the Polish company Tinycontrol. A security vulnerability exists in Tinycontrol LAN Controller v3 1.58a and earlier versions, which stems from a lack of authentication in the stm.cgi endpoint and could lead to a denial of service...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Denial Of Service Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction
!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...
Tinycontrol LAN Controller 3 Remote Credential Extraction Exploit
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
Tinycontrol LAN Controller 3 Remote Admin Password Change Exploit
!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller 3 Denial Of Service Vulnerability
Tinycontrol LAN Controller v3 LK3 Remote Denial Of Service Exploit Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of various types of...
Tinycontrol LAN Controller 3 Denial Of Service
Tinycontrol LAN Controller v3 LK3 Remote Denial Of Service Exploit Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of various types of...
Tinycontrol LAN Controller 3 Remote Admin Password Change
!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller 3 Remote Credential Extraction
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change
Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...