CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Tinycontrol: >> Lan Controller >> 3.8 Security Vulnerabilities

CVE-2023-54327

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.

CVSS Score

7.5

EPSS Score

0.003

Published

2025-12-30

Page 1

Vulnerabilities

Vulnerable Software

Tinycontrol: >> Lan Controller >> 3.8 Security Vulnerabilities

Products

Pricing

Contact Us