Primary

Context

Ksenia Security Lares Home Automation Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6. This vulnerability arises from an unprotected endpoint that allows authenticated attackers to upload MPFS File System binary images. Exploitation of this vulnerability can lead to overwriting flash program memory, with the potential to execute arbitrary code on the home automation system's web server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, authenticated attackers can upload MPFS File System binary images through the unprotected endpoint at '/upload'. This action overwrites the flash program memory that contains the web server's main interfaces, potentially leading to arbitrary code execution.

Added: Dec 30, 2025, 11:19 PM

Updated: Dec 30, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ksenia Security Lares Home Automation Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating