Home

Description

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-30 | Updated 2025-12-30 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of Hard-coded Credentials

Product status

1.6
affected

1.0.0.15
affected

Credits

Mencha Isajlovska of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php (Zero Science Lab Disclosure (ZSL-2025-5927)) third-party-advisory

packetstorm.news/files/id/190180/ (Packet Storm Security Exploit Entry) exploit

www.kseniasecurity.com/ (Ksenia Security Vendor Homepage) product

www.vulncheck.com/...ation-default-credentials-vulnerability (VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 Default Credentials Vulnerability) third-party-advisory

cve.org (CVE-2025-15111)

nvd.nist.gov (CVE-2025-15111)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.