Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability
Vulnerability Description
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
将文件描述符暴露给不受控制的范围(文件描述符泄露)
Vulnerability Title
Ksenia Security Lares 4.0 Home Automation 安全漏洞
Vulnerability Description
Ksenia Security Lares 4.0 Home Automation是意大利Ksenia Security公司的一款智慧安防与家庭自动化控制平台。 Ksenia Security Lares 4.0 Home Automation 1.6版本存在安全漏洞,该漏洞源于身份验证后basisInfo XML文件暴露警报系统PIN,可能导致攻击者绕过安全措施并禁用警报系统。
CVSS Information
N/A
Vulnerability Type
N/A