CVE-2025-15111

9.8 CRITICAL

📋 TL;DR

Ksenia Security Lares 4.0 Home Automation version 1.6 contains hardcoded default administrative credentials. Attackers can use these weak default credentials to gain full administrative control of the home automation system. All users running the vulnerable version are affected unless they have changed the default credentials.

💻 Affected Systems

Products:
  • Ksenia Security Lares 4.0 Home Automation
Versions: Version 1.6
Operating Systems: Not specified - likely embedded/home automation OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using default administrative credentials. Systems with customized credentials are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control, allowing them to manipulate home automation devices (lights, locks, cameras, thermostats), disable security systems, access sensitive data, or use the system as an entry point to other network resources.

🟠 Likely Case

Unauthorized users gain administrative access to the home automation system, potentially compromising privacy, safety, and control of connected devices.

🟢 If Mitigated

If default credentials are changed, the vulnerability is effectively neutralized, though other security measures should still be implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the default credentials and network access to the system. No technical exploitation skills are needed beyond basic login attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.kseniasecurity.com/

Restart Required: No

Instructions:

1. Log into the Lares 4.0 administrative interface
2. Navigate to user/administrator settings
3. Change the default administrative password to a strong, unique password
4. Ensure no other accounts use default credentials

🔧 Temporary Workarounds

Change Default Credentials

Immediately change the default administrative password to a strong, unique password

Network Segmentation

Isolate the home automation system from internet access and restrict internal network access

🧯 If You Can't Patch

  • Change all default credentials immediately
  • Isolate the system from network access until credentials can be changed

🔍 How to Verify

Check if Vulnerable:

Attempt to log into the Lares 4.0 administrative interface using default credentials (check vendor documentation or vulnerability reports for specific credentials)

Check Version:

Check the system information in the Lares 4.0 administrative interface or on the device labeling

Verify Fix Applied:

Attempt to log in with the default credentials; the login should fail. Verify that you can log in with the new credentials only.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login
  • Administrative login from unexpected IP addresses
  • Configuration changes from unknown users

Network Indicators:

  • Unauthorized administrative access to Lares 4.0 management interface
  • Suspicious traffic patterns to/from home automation controller

SIEM Query:

source_ip="*" AND destination_port="[Lares management port]" AND event_type="authentication_success" AND user="admin"
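The first two log indicators above can be checked together over exported authentication events. The following is an added example, not vendor or advisory code: the log line format, the `authentication_failure` event name, the trusted subnet and the threshold of three failures are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in an assumed format (the page does not document
# the Lares 4.0 log format): "<ISO time> <event_type> user=<name> src=<ip>"
SAMPLE_LOG = """\
2025-01-10T08:00:01 authentication_success user=admin src=192.168.1.20
2025-01-10T09:14:10 authentication_failure user=admin src=203.0.113.7
2025-01-10T09:14:12 authentication_failure user=admin src=203.0.113.7
2025-01-10T09:14:15 authentication_failure user=admin src=203.0.113.7
2025-01-10T09:14:19 authentication_success user=admin src=203.0.113.7
2025-01-10T10:02:44 authentication_success user=admin src=198.51.100.23
2025-01-10T11:30:00 authentication_failure user=guest src=192.168.1.31
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>authentication_(?:success|failure)) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def find_suspicious_logins(log_text, trusted_nets, admin_users=("admin",), fail_threshold=3):
    """Return (time, reason, user, src) alerts for the two log indicators."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    failures = defaultdict(int)  # (user, src) -> consecutive failed logins
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        try:
            addr = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source address
        key = (m["user"], m["src"])
        if m["event"] == "authentication_failure":
            failures[key] += 1
            continue
        # Successful login: check both indicators, then reset the failure streak.
        if failures[key] >= fail_threshold:
            alerts.append((m["ts"], "failures_then_success", m["user"], m["src"]))
        if m["user"] in admin_users and not any(addr in net for net in trusted):
            alerts.append((m["ts"], "admin_login_untrusted_ip", m["user"], m["src"]))
        failures[key] = 0
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(alert)
```

Because the default credentials succeed on the first attempt, the untrusted-source check is the one that still fires when there is no preceding run of failures.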
