关键信息: Title: Ksenia Security Lares 4.0 Home Automation Default Credentials Advisory ID: ZSL-2025-5927 Type: Local/Remote Impact: System Access, Exposure of System Information, Exposure of Sensitive Information, DoS Risk: 5/5 Release Date: 31.03.2025 Summary: Lares是用于家庭自动化和警报系统的设备,该系统存在默认凭据漏洞,允许远程控制。 Affected Version: Firmware version 1.6 Webserver version 1.0.0.15 Vendor Status: [03.07.2024] Vulnerability discovered. [27.09.2024] Vendor contacted. [30.03.2025] No response from the vendor. [31.03.2025] Public security advisory released. PoC: ksenia_creds.txt Credits: Vulnerability discovered by Mencha Isajlovska - References: [1] packetstormsecurity.nl