EUVD-2025-205864

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...

EUVD-2025-205861

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without...

EUVD-2025-205863

Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially...

CVE-2025-15114

Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...

CVE-2025-15112

Ksenia Security lares legacy model version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a...

CVE-2025-15111

Ksenia Security lares legacy model version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...

CVE-2025-15114

CVE-2025-15114 affects Ksenia Security Lares 4.0 Home Automation (v1.6). The root cause is exposure of the alarm PIN in the basisInfo XML response after authentication, allowing an unauthenticated or post-auth access to retrieve the PIN from server responses and bypass security to disable the ala...

PT-2025-54262

Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description A critical security flaw exists that exposes the alarm system PIN in the basisInfo XML file after authentication. An attacker can retrieve the PIN from the server response and...

Ksenia Security Lares 4.0 Home Automation 输入验证错误漏洞

Ksenia Security Lares 4.0 Home Automation is a smart security and home automation control platform from Ksenia Security, Italy. An input validation error vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, which stems from the manipulation of the redirectPage GET...

Ksenia Security Lares 4.0 Home Automation 安全漏洞

Ksenia Security Lares 4.0 Home Automation is an intelligent security and home automation control platform from Ksenia Security, Italy. A security vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, which originates from an unprotected endpoint, and could allow an...

Ksenia Security Lares 4.0 Remote Code Execution

Ksenia Security Lares version 4.0 suffers from a remote code execution vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation Remote Code Execution Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/e...

Ksenia Security Lares 4.0 Open Redirect

Ksenia Security Lares version 4.0 suffers from an open redirection vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation URL Redirection Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/en/ Softwar...

Ksenia Security Lares WebServer Home Automation PIN Logic Flaw

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description The Ksenia home automation and burglar alarm system has a security flaw where t...

Ksenia Security Lares WebServer Home Automation Remote Code Execution

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description The device provides access to an unprotected endpoint, enabling the upload of...

Ksenia Security Lares WebServer Home Automation URL Redirection

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description Input passed via the 'redirectPage' GET parameter in 'cmdOk.xml' script is not...

Ksenia Security Lares WebServer Home Automation Default Credentials

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description Ksenia Lares uses a weak set of default administrative credentials that can be...