Security Advisory

CVE-2023-7329

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-12 22:06:26

Last updated 2026-04-07 14:08:27

Assigner VulnCheck

State PUBLISHED

Description

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

← Browse all CVEs View on cve.org ↗