Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HKseniasecurity Lares
HWKseniasecurity4.0Kseniasecurity Lares Firmware
OSKseniasecurity1.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2025-15111CRITICAL9.3PL ✓ten sam produkt
Domyślne dane uwierzytelniające w Ksenia Security Lares – pełny dostęp administracyjny
CVE-2025-15114CRITICAL9.3PL ✓ten sam produkt
Ksenia Security Lares – ujawnienie kodu PIN systemu alarmowego
CVE-2025-15112MEDIUM5.1ten sam produkt
Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' s...