CVE-2025-15587
Credentials exposure in tinycontrol devices
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low-privileged user to read an administrator's password by directly accessing a specific resource that is not reachable through the graphical interface. This issue has been fixed in firmware versions 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
| CWE | CWE-425 |
| Vendor | tinycontrol |
| Product | lan kontroler v3.5 |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Affected Versions
| tinycontrol / Lan Kontroler v3.5 | 0 < 1.67 |
| tinycontrol / LK3.9 | 0 < 1.75 |
| tinycontrol / LK4 | 0 < 1.38 |
| tinycontrol / tcPDU | 0 < 1.36 |
References
cert.pl: https://cert.pl/en/posts/2026/03/CVE-2025-11500/
tinycontrol.pl: https://tinycontrol.pl/en/archives/lan-controller-35/downloads/#firmware
tinycontrol.pl: https://tinycontrol.pl/en/lk39/downloads/#firmware
tinycontrol.pl: https://tinycontrol.pl/en/lk4/downloads/#firmware
tinycontrol.pl: https://tinycontrol.pl/en/tcpdu/downloads/#firmware