Vulnerabilities (CVE)

Filtered by vendor Kseniasecurity
Filtered by product Lares Firmware
Total 4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2025-15113 | 1 Kseniasecurity | 2 Lares, Lares Firmware | 2026-01-21 | N/A | 9.3 CRITICAL
Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
CVE-2025-15112 | 1 Kseniasecurity | 2 Lares, Lares Firmware | 2026-01-16 | N/A | 5.4 MEDIUM
Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.
CVE-2025-15111 | 1 Kseniasecurity | 2 Lares, Lares Firmware | 2026-01-16 | N/A | 9.8 CRITICAL
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
CVE-2025-15114 | 1 Kseniasecurity | 2 Lares, Lares Firmware | 2026-01-13 | N/A | 9.8 CRITICAL
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.