CVE-2023-7329

Sažetak

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/275810
https://packetstormsecurity.com/files/174455/
https://tinycontrol.pl/en/archives/lan-controller-35/
https://www.exploit-db.com/exploits/51730
https://www.vulncheck.com/advisories/tinycontrol-lan-controller-v3-remote-dos
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

14-11-2025 - 16:42

Objavljeno

12-11-2025 - 22:15