Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Mar 5, 2026
Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
CVE-2023-54327
Description
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
Affected products
- (no CPE) range: = 1.58a
- (no CPE) range: HW 3.8
References
- www.exploit-db.com/exploits/51732 (mitre, exploit)
- www.vulncheck.com/advisories/tinycontrol-lan-controller-a-authentication-bypass-via-admin-password-change (mitre, third-party-advisory)
- www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php (mitre, third-party-advisory)
- www.tinycontrol.pl (mitre, product)