CVE-2025-15111

Critical

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain…

VulnCheck·CWE-259·Published 2025-12-30

CVSS

9.8

EPSS

0.01

KEV

Exploits

Tags:unsupported-when-assigned

cve.orgen

279 chars

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

NVDen

279 chars

NVDes

330 chars

Ksenia Security Lares 4.0 Home Automation versión 1.6 contiene una vulnerabilidad de credenciales por defecto que permite a atacantes no autorizados obtener acceso administrativo. Los atacantes pueden explotar las credenciales administrativas débiles por defecto para obtener control total del sistema de automatización del hogar.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0	Primary	cve.org	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	9.3	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X