CVE-2025-15111
Default Credentials in Ksenia Security Lares 4.0 Enables Admin Access
Publication date: 2025-12-30
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ksenia_security | lares | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a default credentials issue in Ksenia Security Lares 4.0 Home Automation version 1.6. It allows unauthorized attackers to gain administrative access by exploiting weak default administrative credentials, giving them full control over the home automation system.
How can this vulnerability impact me?
The vulnerability can allow attackers to gain full administrative control of the home automation system without authorization. This could lead to unauthorized manipulation of the system, potential privacy breaches, and loss of control over home automation devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately change the default administrative credentials on the Ksenia Security Lares 4.0 Home Automation system to strong, unique passwords to prevent unauthorized access.