12 matches found
Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...
CVE-2025-34517 Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34512
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...
CVE-2025-34518 Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34515
The CVE-2025-34515 entry concerns Ilevia EVE X1/X5 Server firmware ≤ 4.7.18.0.eden where a misconfigured or vulnerable sync_project.sh script enables an attacker to escalate privileges to root. Publicly reported details from multiple sources (PacketStorm PoC references for Ilevia EVE X1/X5 Server...
CVE-2025-34513 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from the presence of a relative path traversal in getfilecontent.php, which could lead to reading arbitrary file...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from the use of default credentials and could lead to unauthorized remote access...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from a server-side logging mechanism that exposes clear-text credentials, which could lead to authenticati...
Ilevia EVE X1 Server和Ilevia EVE X5 Server 安全漏洞
Ilevia EVE X1 Server and Ilevia EVE X5 Server are both a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server and Ilevia EVE X5 Server versions 4.7.18.0.eden and earlier, which stems from a misconfigured sudoers file and could lead to remo...