Total: 4 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-34186 | Ilevia | Eve X1, Eve X1 Firmware | 2025-09-24 | N/A | 9.8 CRITICAL | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system. |
| CVE-2025-34185 | Ilevia | Eve X1, Eve X1 Firmware | 2025-09-24 | N/A | 7.5 HIGH | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials. |
| CVE-2025-34184 | Ilevia | Eve X1, Eve X1 Firmware | 2025-09-24 | N/A | 9.8 CRITICAL | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service. |
| CVE-2025-34183 | Ilevia | Eve X1, Eve X1 Firmware | 2025-09-22 | N/A | 7.5 HIGH | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse. |