CVE-2025-15114

Critical CVSS: 9.3

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

Vendor

Kseniasecurity

Product

Lares Firmware

CWE

CWE-403

Yayın Tarihi

2025-12-30 23:15:50

Güncelleme

2026-03-11 20:16:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-403 Lares Firmware CRITICAL Kseniasecurity 2025

Referanslar

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php

Benzer Kayıtlar

Critical

CVE-2025-15111

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized a…

Medium

CVE-2025-15112

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that…

Critical

CVE-2025-15113

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that all…