CVE-2023-53739

Name: CVE-2023-53739
Creator: NVD / NIST
Published: 2025-12-09T21:15:51.897+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.9/10EPSS 0.46%

Last modified Jun 17, 2026

CVE-2023-53739 is a critical-severity vulnerability rated 9.9/10 on the CVSS scale. Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.

Metrics

CVSS 4.0

9.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.46%

36.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-260

References

Timeline

Published: Dec 9, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2023-53739?

How severe is CVE-2023-53739?

CVE-2023-53739 has a CVSS score of 9.9/10 (CRITICAL severity). The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2023-53739?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-53739?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST