CVE-2023-7329

UNKNOWN 0.0

Tinycontrol LAN Controller v3 (LK3) Remote DoS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

CWE	CWE-306
Vendor	tinycontrol
Product	lan controller
Published	Nov 12, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for tinycontrol lan controller

Be the first to know when new unknown vulnerabilities affecting tinycontrol lan controller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

tinycontrol / Lan Controller

0 ≤ 1.58a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php packetstormsecurity.com: https://packetstormsecurity.com/files/174455/ exploit-db.com: https://www.exploit-db.com/exploits/51730 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/275810 tinycontrol.pl: https://tinycontrol.pl/en/archives/lan-controller-35/ vulncheck.com: https://www.vulncheck.com/advisories/tinycontrol-lan-controller-v3-remote-dos

Credits

Gjoko Krstic of Zero Science Lab