Lan Controller
Approved changes feed: RSS · Atom
cpe:2.3:a:tinycontrol:lan_controller:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Tinycontrol (3bcd959c-82a6-56ee-b507-90b9f17ebd67) |
|---|---|
| Product | Lan Controller (8d1c5463-4190-53cc-ae83-5d0a1fa50e4e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-7329 |
vulnerable | 2026-06-08 06:21:57.566245 |
Tinycontrol LAN Controller v3 (LK3) Remote DoS
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
Published: 2025-11-12T22:06:26.619Z
Updated: 2026-04-07T14:08:27.034Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-54327 |
vulnerable | 2026-06-08 06:19:40.525856 |
Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
CRITICAL (9.8)
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
Published: 2025-12-30T22:41:43.728Z
Updated: 2026-05-14T02:07:05.311Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.