CRITICAL🇵🇱 Wersja polska

CVE-2025-15113

CVSS 9.3v3.1pub. 2025-12-30upd. 2026-03-11

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Kseniasecurity Lares

    HW
    Kseniasecurity
    4.0
  • Kseniasecurity Lares Firmware

    OS
    Kseniasecurity
    1.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-15111CRITICAL9.3PL ✓ten sam produkt

Domyślne dane uwierzytelniające w Ksenia Security Lares – pełny dostęp administracyjny

CVE-2025-15114CRITICAL9.3PL ✓ten sam produkt

Ksenia Security Lares – ujawnienie kodu PIN systemu alarmowego

CVE-2025-15112MEDIUM5.1ten sam produkt

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' s...