CVE-2025-15587
Published: Mar 16, 2026
Modified: Mar 16, 2026
Description
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
| Vendor | Product | Versions |
|---|---|---|
tinycontrol | Lan Kontroler v3.5 | affected 0 - < 1.67 |
tinycontrol | LK3.9 | affected 0 - < 1.75 |
tinycontrol | LK4 | affected 0 - < 1.38 |
tinycontrol | tcPDU | affected 0 - < 1.36 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now