CRITICAL🇵🇱 Wersja polska

CVE-2025-15111

CVSS 9.3v4.0pub. 2025-12-30upd. 2026-03-11

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Kseniasecurity Lares

    HW
    Kseniasecurity
    4.0
  • Kseniasecurity Lares Firmware

    OS
    Kseniasecurity
    1.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-15113CRITICAL9.3PL ✓ten sam produkt

RCE w Ksenia Security Lares przez niezabezpieczony endpoint uploadu MPFS

CVE-2025-15114CRITICAL9.3PL ✓ten sam produkt

Ksenia Security Lares – ujawnienie kodu PIN systemu alarmowego

CVE-2025-15112MEDIUM5.1ten sam produkt

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' s...