Lucene search
K

4 matches found

CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from an unnecessary privileged execution in syncproject.sh that could lead to elevated privileges...

9.8CVSS6.6AI score0.07285EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2025/08/26 12:0 a.m.193 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass

Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below construct a shell command using unsanitized user input passed to the system function, calling an external binary for authentication. Due to improper input handling and reliance on the binary's return value for access control, an attacker ca...

8AI score
Exploits0
Packet Storm
Packet Storm
added 2025/08/20 12:0 a.m.213 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak

A critical vulnerability was identified in the EVE smart home and BMS/BAS controller system due to improper handling of sensitive information in server-side logging. Specifically, .log files accessible via the web server expose cleartext credentials, including username and password submitted duri...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/07/31 12:0 a.m.130 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden File Disclosure

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated file disclosure vulnerability. Using the dblog POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. Ilevia EVE X1 Server 4.7.18.0.eden dblog...

7.3AI score
Exploits0
Rows per page
Query Builder