Browse all 5 CVE security advisories affecting tinycontrol. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tinycontrol is an industrial control system (ICS) management platform used for monitoring and controlling industrial equipment and processes. Historically, it has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often due to insufficient input validation and authentication bypasses. Privilege escalation vulnerabilities have also been common, allowing unauthorized users to gain elevated system access. The platform's five recorded CVEs highlight persistent security weaknesses in its web interface and communication protocols. No major public security incidents have been documented, but the consistent pattern of vulnerabilities suggests significant risks for industrial environments relying on this system.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11500 | Credentials exposure in tinycontrol devices | Lan Kontroler v3.5 | CWE-261 | 8.1 (AI) | High (AI) | 2026-03-16 |
| CVE-2025-15587 | Credentials exposure in tinycontrol devices | Lan Kontroler v3.5 | CWE-425 | 8.1 (AI) | High (AI) | 2026-03-16 |
| CVE-2023-54327 | Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change | LAN Controller | CWE-862 | 9.8 | Critical | 2025-12-30 |
| CVE-2023-53739 | Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure | Tinycontrol LAN Controller v | CWE-260 | 9.1 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2023-7329 | Tinycontrol LAN Controller v3 (LK3) Remote DoS | Lan Controller | CWE-306 | 9.1 | - | 2025-11-12 |

This page lists every published CVE security advisory associated with tinycontrol. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.