4 matches found
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from an unnecessary privileged execution in syncproject.sh that could lead to elevated privileges...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass
Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below construct a shell command using unsanitized user input passed to the system function, calling an external binary for authentication. Due to improper input handling and reliance on the binary's return value for access control, an attacker ca...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak
A critical vulnerability was identified in the EVE smart home and BMS/BAS controller system due to improper handling of sensitive information in server-side logging. Specifically, .log files accessible via the web server expose cleartext credentials, including username and password submitted duri...
📄 Ilevia EVE X1 Server 4.7.18.0.eden File Disclosure
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated file disclosure vulnerability. Using the dblog POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. Ilevia EVE X1 Server 4.7.18.0.eden dblog...