ГлавнаяУязвимости → CVE-2025-15114
9.8критическая

CVE-2025-15114

Описание

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

Затрагиваемое ПО
Kseniasecurity Lares firmwareKseniasecurity Lares
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerabilityhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php