QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53739

Published: Dec 9, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.

Vendor	Product	Versions
Tinycontrol	Tinycontrol LAN Controller v	affected `<=1.58a` affected `HW 3.8`
Tinycontrol	LK	affected `<=1.58a` affected `HW 3.8`

Weaknesses (CWE)

References

ExploitDB-51731

exploit

Tinycontrol Product Homepage

product

Zero Science Lab Advisory ID

vendor-advisory

VulnCheck Advisory: Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.