Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Credentials exposure in tinycontrol devices
Vulnerability Description
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
CVSS Information
N/A
Vulnerability Type
直接请求(强制性浏览)
Vulnerability Title
Tinycontrol多款产品 安全漏洞
Vulnerability Description
Tinycontrol tcPDU等都是波兰Tinycontrol公司的产品。Tinycontrol tcPDU是一款网络分配单元。Tinycontrol LAN Controllers LK3.5是一款环境参数远程监控和控制设备。Tinycontrol LAN Controllers LK3.9是一款环境参数远程监控和控制设备。 Tinycontrol多款产品存在安全漏洞,该漏洞源于低权限用户可直接访问特定资源,可能导致读取管理员密码。以下产品受到影响:Lan Kontroler v3.5、LK3.9、
CVSS Information
N/A
Vulnerability Type
N/A