Lucene search
K

12 matches found

EUVD
EUVD
added 2025/12/31 12:31 a.m.6 views

EUVD-2025-205863

Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially...

8CVSS6.2AI score0.00234EPSS
Exploits1References5
CVE
CVE
added 2025/12/30 10:41 p.m.16 views

CVE-2025-15114

CVE-2025-15114 affects Ksenia Security Lares 4.0 Home Automation (v1.6). The root cause is exposure of the alarm PIN in the basisInfo XML response after authentication, allowing an unauthenticated or post-auth access to retrieve the PIN from server responses and bypass security to disable the ala...

9.8CVSS5.5AI score0.00505EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/12/30 10:41 p.m.25 views

CVE-2025-15113 Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload

Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...

9.3CVSS0.00433EPSS
Exploits1References4
CVE
CVE
added 2025/12/30 10:41 p.m.17 views

CVE-2025-15112

Ksenia Security Lares 4.0 Home Automation 1.6 contains a URL redirection vulnerability in the cmdOk.xml script. The issue arises from accepting and manipulating the redirectPage GET parameter, enabling an attacker to craft links that redirect authenticated users to arbitrary websites when the use...

5.4CVSS5.7AI score0.00234EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.7 views

PT-2025-54262

Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description A critical security flaw exists that exposes the alarm system PIN in the basisInfo XML file after authentication. An attacker can retrieve the PIN from the server response and...

9.8CVSS6.5AI score0.00505EPSS
Exploits1References12
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.6 views

Ksenia Security Lares 4.0 Home Automation 安全漏洞

Ksenia Security Lares 4.0 Home Automation is an intelligent security and home automation control platform from Ksenia Security, Italy. A security vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, which stems from the exposure of the alarm system PIN in the baseInfo XM...

9.8CVSS6.8AI score0.00505EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/04/01 12:0 a.m.341 views

Ksenia Security Lares 4.0 Default Credentials

Ksenia Security Lares version 4.0 uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Exploit Title: Ksenia Security Lares 4.0 Home Automation Default Credentials Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLoc...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/04/01 12:0 a.m.256 views

Ksenia Security Lares 4.0 Remote Code Execution

Ksenia Security Lares version 4.0 suffers from a remote code execution vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation Remote Code Execution Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/e...

8.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/03/31 12:0 a.m.234 views

Ksenia Security Lares WebServer Home Automation Remote Code Execution

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description The device provides access to an unprotected endpoint, enabling the upload of...

9.8CVSS6AI score0.00433EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2025/03/31 12:0 a.m.236 views

Ksenia Security Lares WebServer Home Automation Default Credentials

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description Ksenia Lares uses a weak set of default administrative credentials that can be...

9.8CVSS5.8AI score0.0053EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2025/03/31 12:0 a.m.289 views

Ksenia Security Lares WebServer Home Automation URL Redirection

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description Input passed via the 'redirectPage' GET parameter in 'cmdOk.xml' script is not...

5.4CVSS5.9AI score0.00234EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.8 views

PT-2025-54259

Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description Ksenia Security Lares 4.0 Home Automation version 1.6 has a default credentials issue that allows unauthorized access to administrative functions. Successful exploitation grants...

10CVSS6.7AI score0.0053EPSS
Exploits2References11
Rows per page
Query Builder