Description

Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.

Related CPE's

o

kseniasecurity

lares_firmware

1.6

Vulnerable

h

kseniasecurity

lares

4.0

References

https://packetstorm.news/files/id/190179/

Third Party Advisory

https://www.kseniasecurity.com/

Product

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-url-redirection-vulnerability

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-601

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T23:15:49.733Z

2 weeks ago

Last modified

2026-01-07T22:00:45.707Z

1 week ago