Security Advisory

CVE-2023-54327

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-30 22:41:43

Last updated 2026-05-14 02:07:05

Assigner VulnCheck

State PUBLISHED

Description

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.

← Browse all CVEs View on cve.org ↗