📦 Eve X1 Server Firmware

A Cross-Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server firmware allows remote attackers to execute arbitrary code via the /bh_web_backend component. This affects Ilevia EVE X1 Serve...

This vulnerability allows remote attackers to execute arbitrary operating system commands on Ilevia EVE X1 Server devices via the ping.php component, which fails to properly sanitize IP address parame...

Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contain hardcoded default credentials that allow unauthenticated remote attackers to gain administrative access. This affects all customers r...

Ilevia EVE X1 Server firmware contains an unauthenticated OS command injection vulnerability in mbus_build_from_csv.php that allows remote attackers to execute arbitrary code. This affects all firmwar...

CVE-2025-34515 is a privilege escalation vulnerability in Ilevia EVE X1 Server firmware where the sync_project.sh script runs with unnecessary root privileges. Attackers can exploit this to gain full ...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on Ilevia EVE X1 Server systems. Attackers can achieve full system compromise by inje...

This vulnerability allows remote attackers to bypass authentication on Ilevia EVE X1/X5 Server by injecting special characters into the authentication mechanism. Attackers can gain full system access ...

CVE-2025-34518 is a relative path traversal vulnerability in Ilevia EVE X1 Server firmware that allows attackers to read arbitrary files on the system. This affects all firmware versions ≤ 4.7.18.0....

This vulnerability allows unauthenticated remote attackers to retrieve plaintext credentials from exposed log files in Ilevia EVE X1 Server. It enables full authentication bypass and system compromise...

This Cross-Site Scripting (XSS) vulnerability in Ilevia EVE X1 Server firmware allows remote attackers to inject malicious scripts via the /index.php component. Attackers can execute arbitrary code in...

Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contain a reflected cross-site scripting vulnerability in index.php that allows unauthenticated attackers to execute arbitrary JavaScript in ...