Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lares_firmware | Kseniasecurity | 1.6 (including) | 1.6 (including) |
References
- https://packetstorm.news/files/id/190180/
- https://www.kseniasecurity.com/
- https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php