23 matches found
CVE-2025-14276
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
PT-2025-49597
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...
CVE-2025-60738
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Ilevia EVE X1/X5 Server version 4.7.18.0.eden uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected versio...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Summary: EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
CVE-2025-34517
Ilevia EVE X1 Server firmware
CVE-2025-34514 Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Injection
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and...
CVE-2025-34514
The CVE-2025-34514 entry concerns Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden, where authenticated users can trigger OS command injections via multiple web‑accessible PHP scripts that call exec(). Several connected sources document authenticated remote command injection, with PoC material indic...
CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...
CVE-2025-34512
The CVE-2025-34512 entry affects Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden, with multiple publicly disclosed issues summarized in connected documents: a pre-authentication file disclosure via the db_log POST parameter; an unauthenticated OS command injection in /ajax/php/login.php vi...
CVE-2025-34518 Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
EUVD-2025-34801
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34516 Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
Ilevia EVE X1 Server Security Vulnerability
Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...
Ilevia EVE X1 Server Security Vulnerability
Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from the presence of absolute path traversal in getfilecontent.php, which could lead to reading arbitrary files...
CVE-2025-34184
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34185 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated File Disclosure
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'dblog' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials...
CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...