High severityNVD Advisory· Published Mar 16, 2026· Updated May 19, 2026
CVE-2025-15587
CVE-2025-15587
Description
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface.
This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6<1.36+ 1 more
- (no CPE)range: <1.36
- (no CPE)range: 0
- Range: <1.67
- Range: <1.75
- Range: <1.38
- Range: 0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.