CVE-2023-53739

EUVD-2023-60177
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/51731
https://www.tinycontrol.pl
https://www.vulncheck.com/advisories/tinycontrol-lan-controller-v3-lk3-unauthenticated-configuration-backup-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php