HIGH
tinycontrol
CVE published 2026-03-16
CVE-2025-11500
CVE-2025-11500 is a HIGH-severity (CVSS 8.7) authentication bypass and information disclosure vulnerability affecting Tinycontrol IoT devices, including tcPDU, LAN Controller LK3.5, LK3.9, and LK4. The vulnerability stems from a dual-authentication architecture in which interface management credentials are exposed via unauthenticated HTTP responses when the secondary resource protection mechanism is disabled— [truncated]