33 matches found
EUVD-2025-205861
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without...
EUVD-2025-205864
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...
EUVD-2025-205863
Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially...
CVE-2025-15114
Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...
CVE-2025-15112
Ksenia Security lares legacy model version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a...
CVE-2025-15111
Ksenia Security lares legacy model version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...
CVE-2025-15112
Ksenia Security lares legacy model version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a...
CVE-2025-15111
Ksenia Security lares legacy model version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...
CVE-2025-15114 Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability
Ksenia Security lares legacy model Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system...
CVE-2025-15114
CVE-2025-15114 affects Ksenia Security Lares 4.0 Home Automation (v1.6). The root cause is exposure of the alarm PIN in the basisInfo XML response after authentication, allowing an unauthenticated or post-auth access to retrieve the PIN from server responses and bypass security to disable the ala...
CVE-2025-15113 Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload
Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...
CVE-2025-15112
Ksenia Security Lares 4.0 Home Automation 1.6 contains a URL redirection vulnerability in the cmdOk.xml script. The issue arises from accepting and manipulating the redirectPage GET parameter, enabling an attacker to craft links that redirect authenticated users to arbitrary websites when the use...
CVE-2025-15113 Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload
Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...
CVE-2025-15112 Ksenia Security lares Home Automation 1.6 URL Redirection Vulnerability
Ksenia Security lares legacy model version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a...
CVE-2025-15112 Ksenia Security lares Home Automation 1.6 URL Redirection Vulnerability
Ksenia Security lares legacy model version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a...
CVE-2025-15111 Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability
Ksenia Security lares legacy model version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...
CVE-2025-15111 Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability
Ksenia Security lares legacy model version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system...
CVE-2025-15111
Ksenia Security Lares 4.0 Home Automation (version 1.6) is affected by a default credentials vulnerability that lets an unauthenticated attacker gain administrative access and full control of the system. Root cause: weak/default admin credentials. Impact: administrative access with high confident...
Ksenia Security Lares 4.0 Home Automation 信任管理问题漏洞
Ksenia Security Lares 4.0 Home Automation is an intelligent security and home automation control platform from Ksenia Security, Italy. A trust management issue vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, which stems from default credentials and could allow an...
PT-2025-54262
Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description A critical security flaw exists that exposes the alarm system PIN in the basisInfo XML file after authentication. An attacker can retrieve the PIN from the server response and...