← volver
CVE-2025-15114

Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability

CVSS 9.3 CRITICALEPSS 0.5%CWE-403
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Ksenia Security S.p.A. · lares

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerabilityhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php