Critical Vulnerability Information Title: Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change Advisory ID: ZSL-2023-5787 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access Risk: (5/5) Release Date: 01.09.2023 Summary: Tinycontrol LAN Controller v3 (LK3) suffers from insecure access control, allowing unauthorized attackers to change account passwords and bypass authentication to gain panel control privileges. Vendor: Tinycontrol - Affected Versions: References: [1] [2] [3] [4]