← voltar
CVE-2025-15114

Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability

CVSS 9.3 CRITICALEPSS 0.5%CWE-403
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Ksenia Security S.p.A. · lares

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerabilityhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php