Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
References
| Link | Resource |
|---|---|
| https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability | Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php | Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
13 Jan 2026, 21:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability - Third Party Advisory | |
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php - Third Party Advisory | |
| CWE | CWE-668 | |
| First Time |
Kseniasecurity
Kseniasecurity lares Kseniasecurity lares Firmware |
|
| CPE | cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:* cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:* |
02 Jan 2026, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php - |
30 Dec 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-30 23:15
Updated : 2026-01-13 21:02
NVD link : CVE-2025-15114
Mitre link : CVE-2025-15114
CVE.ORG link : CVE-2025-15114
JSON object : View
Products Affected
kseniasecurity
- lares_firmware
- lares