CRITICAL🇵🇱 Wersja polska

CVE-2025-15114

CVSS 9.3v4.0pub. 2025-12-30upd. 2026-03-11

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Kseniasecurity Lares

    HW
    Kseniasecurity
    4.0
  • Kseniasecurity Lares Firmware

    OS
    Kseniasecurity
    1.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-15111CRITICAL9.3PL ✓ten sam produkt

Domyślne dane uwierzytelniające w Ksenia Security Lares – pełny dostęp administracyjny

CVE-2025-15113CRITICAL9.3PL ✓ten sam produkt

RCE w Ksenia Security Lares przez niezabezpieczony endpoint uploadu MPFS

CVE-2025-15112MEDIUM5.1ten sam produkt

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' s...