CVE-2023-53739

CRITICAL

Tinycontrol LAN Controller v3 LK3 <1.58a - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53739. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit retrieves a configuration backup file from Tinycontrol LAN Controller v3 (LK3) and extracts sensitive credentials by parsing and decoding base64-encoded strings. It leverages an unauthenticated endpoint to download the backup file.

Description

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · python, remote, hardware
https://www.exploit-db.com/exploits/51731

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Tinycontrol LAN Controller v3 (LK3) <=1.58a, HW 3.8
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 9.9
EPSS: 0.0046
EPSS Percentile: 36.0%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-260
Status: published
Products (4):
Tinycontrol/LK <=1.58a
Tinycontrol/LK HW 3.8
Tinycontrol/Tinycontrol LAN Controller v <=1.58a
Tinycontrol/Tinycontrol LAN Controller v HW 3.8
Published: Dec 09, 2025
Tracked Since: Feb 18, 2026