PT-2026-25662 · Tinycontrol · Lk3.9+3
Published: 2026-03-16 · Updated: 2026-03-16
CVE-2025-15587
CVSS v4.0: 8.6 (High)
Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Tinycontrol tcPDU versions prior to 1.36
Tinycontrol LK3.5 versions prior to 1.67
Tinycontrol LK3.9 versions prior to 1.75
Tinycontrol LK4 versions prior to 1.38
Description
Tinycontrol devices, including tcPDU and LAN Controllers LK3.5, LK3.9, and LK4, permit a user with limited privileges to obtain an administrator's password by directly accessing a resource that is not available through the standard graphical interface.
Recommendations
Update tcPDU to firmware version 1.36 or later.
Update LK3.5 to firmware version 1.67 or later.
Update LK3.9 to firmware version 1.75 or later.
Update LK4 to firmware version 1.38 or later.
Affected Products
Lk3.9
Lk4
Lan Kontroler V3.5
Tcpdu