kseniasecurity CVE 脆弱性と CVE 一覧(4)

製品(CPE): — CVE 件数: 4

kseniasecurity 脆弱性概要

kseniasecurity 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk open redirect があり、vendor surface software deployment and vendor surface production workloads の利用場面で ファイル上書き などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 14 / 4 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-15114 Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication. [email protected] 9.3 0.51% 2025-12-30 2026-06-17
CVE-2025-15113 Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server. [email protected] 9.3 0.43% 2025-12-30 2026-06-17
CVE-2025-15112 Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain. [email protected] 5.1 0.23% 2025-12-30 2026-06-17
CVE-2025-15111 Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system. [email protected] 9.3 0.53% 2025-12-30 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence