Ksenia Security Lares Home Automation PIN Exposure Vulnerability
Vulnerability
A critical vulnerability has been identified in Ksenia Security Lares 4.0 Home Automation version 1.6: the alarm system PIN is exposed in the 'basisInfo' XML file after authentication. An attacker can retrieve the PIN from the server response, bypass security measures, and disable the alarm system without additional authentication. The root cause is a design flaw: the system improperly includes sensitive information in API responses, which enables unauthorized access to critical security functions.
Impact
Exploitation of this vulnerability gives an attacker unauthorized access to the alarm system PIN, which can be used to disable the alarm and potentially manipulate connected smart home devices. This exposure of sensitive information is a significant security risk that renders the alarm system ineffective.
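The check below is an added example, not code from this advisory or from the vendor: it audits a captured authenticated XML response for credential-like fields and known secret values, and shows a redaction pass applied before the response is serialized. The element names in the sample response and the name pattern are assumptions, since the page does not give the real 'basisInfo' schema.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic name fragments for credential fields (assumed list, tune per product).
SENSITIVE_NAME = re.compile(r"pin|passw|secret|token", re.IGNORECASE)

# Constructed sample: element names are hypothetical, not the real basisInfo schema.
SAMPLE_RESPONSE = """<basisInfo>
  <model>example-panel</model>
  <firmware>0.0.0</firmware>
  <user id="1" name="installer">
    <PIN>123456</PIN>
  </user>
</basisInfo>"""


def find_leaks(xml_text, known_secrets=()):
    """Return sorted (path, reason) pairs for credential-like data in a response."""
    leaks = set()

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        # Check the element's own text and every attribute value.
        fields = [(here, elem.tag, (elem.text or "").strip())]
        fields += [(f"{here}@{k}", k, v) for k, v in elem.attrib.items()]
        for where, name, value in fields:
            if value and SENSITIVE_NAME.search(name):
                leaks.add((where, "sensitive-name"))
            # Catches a secret placed in an innocuously named field.
            if value and any(s and s in value for s in known_secrets):
                leaks.add((where, "known-secret-value"))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return sorted(leaks)


def redact(xml_text):
    """Mitigation sketch: drop credential-like elements and attributes before sending."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):  # snapshot, since children are removed below
        for child in list(parent):
            if SENSITIVE_NAME.search(child.tag):
                parent.remove(child)
        for key in [k for k in parent.attrib if SENSITIVE_NAME.search(k)]:
            del parent.attrib[key]
    return ET.tostring(root, encoding="unicode")
```

Run `find_leaks` in a regression test with the PIN configured on a test unit passed as `known_secrets`; the value match does not depend on guessing field names.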
