CVE-2023-7329

HIGH

Tinycontrol LAN Controller <1.58a - DoS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-7329. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated remote denial of service (DoS) vulnerability in Tinycontrol LAN Controller v3 (LK3) 1.58a. It allows an attacker to reboot or reset the device to factory settings by sending direct requests to the stm.cgi endpoint.

Description

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

Exploits (1)

exploitdb · WORKING POC
by LiquidWorm · text · dos · hardware
https://www.exploit-db.com/exploits/51730

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Tinycontrol LAN Controller v3 (LK3) <=1.58a, HW 3.8
No auth needed
Prerequisites: Network access to the target device · Knowledge of the target IP and port (default: 8082)
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory (exploit): https://packetstormsecurity.com/files/174455/
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/51730
Third Party Advisory, VDB Entry (vdb-entry): https://exchange.xforce.ibmcloud.com/vulnerabilities/275810
Third Party Advisory (technical-description, exploit): https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php

Scores

CVSS v4 8.7
EPSS 0.0059
EPSS Percentile 69.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-306
Status: published
Products (1)
tinycontrol/Lan Controller < 1.58a
Published Nov 12, 2025
Tracked Since Feb 18, 2026