QwikSec

Security Database

CVE

CWE

Training

CVE-2023-7329

Published: Nov 12, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

Vendor	Product	Versions
tinycontrol	Lan Controller	affected `0 - <= 1.58a`

Weaknesses (CWE)

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php

technical-description

exploit

https://packetstormsecurity.com/files/174455/

exploit

https://www.exploit-db.com/exploits/51730

exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/275810

vdb-entry

https://tinycontrol.pl/en/archives/lan-controller-35/

product

https://www.vulncheck.com/advisories/tinycontrol-lan-controller-v3-remote-dos

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.