Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
Vulnerability Description
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
Tinycontrol LAN Controller 安全漏洞
Vulnerability Description
Tinycontrol LAN Controller是波兰Tinycontrol公司的一个楼宇自动化控制器。 Tinycontrol LAN Controller 1.58a版本存在安全漏洞,该漏洞源于身份验证绕过,可能导致管理员凭据被修改。
CVSS Information
N/A
Vulnerability Type
N/A