
Ksenia Security S.P.A Lares vulnerabilities

4 known vulnerabilities affecting ksenia_security_s.p.a/lares.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1

Vulnerabilities

CVE-2025-15111 | P2 | CRITICAL | CVSS 9.8 | v1.6 | v1.0.0.15 | 2025-12-30
CVE-2025-15111 [CRITICAL] CWE-259: Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
nvd
CVE-2025-15114 | P2 | CRITICAL | CVSS 9.8 | v1.6 | v1.0.0.15 | 2025-12-30
CVE-2025-15114 [CRITICAL] CWE-403: Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
nvd
CVE-2025-15113 | P2 | CRITICAL | CVSS 9.8 | v1.6 | v1.0.0.15 | 2025-12-30
CVE-2025-15113 [CRITICAL] CWE-256: Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
nvd
CVE-2025-15112 | P4 | MEDIUM | CVSS 5.4 | v1.6 | v1.0.0.15 | 2025-12-30
CVE-2025-15112 [MEDIUM] CWE-601: Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.
nvd