Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload
Vulnerability Description
Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
明文存储口令
Vulnerability Title
Ksenia Security Lares 4.0 Home Automation 安全漏洞
Vulnerability Description
Ksenia Security Lares 4.0 Home Automation是意大利Ksenia Security公司的一款智慧安防与家庭自动化控制平台。 Ksenia Security Lares 4.0 Home Automation 1.6版本存在安全漏洞,该漏洞源于未受保护的端点,可能导致经过身份验证的攻击者上传MPFS文件系统二进制映像,进而执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A