9.8
CVE-2025-15113
- EPSS 0.43%
- Veröffentlicht 30.12.2025 22:41:46
- Zuletzt bearbeitet 11.03.2026 20:16:13
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginKsenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload
Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kseniasecurity ≫ Lares Firmware Version1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.344 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 2.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://www.kseniasecurity.com/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php
https://packetstorm.news/files/id/190178/
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload