Skip to main content

Ivec Tank Xm811

4 CVEs product

Monthly

CVE-2026-11847 MEDIUM PATCH This Month

Path traversal in IEI Integration Corp's iVEC TANK-XM811 Virtualization Edge Computer enables authenticated remote attackers to create directories at arbitrary system paths outside the application's intended scope. The flaw (CWE-22) resides in the network-accessible management interface, where user-supplied path input is not sufficiently sanitized before use in filesystem operations. No public exploit code or active exploitation has been identified at time of analysis, and the impact is constrained to unauthorized directory creation rather than file read, write, or code execution.

Path Traversal Ivec Tank Xm811
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-11846 HIGH PATCH This Week

Arbitrary file deletion in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (Tank-XM811 platform) allows authenticated remote attackers to delete arbitrary system files or directories via path traversal, leading to data destruction and service disruption. The flaw was reported through Taiwan's TWCERT coordination process and carries a CVSS 4.0 base score of 7.2 (High) driven by integrity and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Ivec Tank Xm811
NVD VulDB
CVSS 4.0
7.2
EPSS
0.3%
CVE-2026-11845 HIGH PATCH This Week

OS command injection in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (iVEC TANK-XM811) allows privileged remote attackers to inject and execute arbitrary operating system commands on the affected device. The flaw was disclosed via Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.6, with no public exploit identified at time of analysis. Because exploitation requires high privileges, the issue represents a post-authentication path to full device compromise rather than an unauthenticated remote takeover.

Command Injection Ivec Tank Xm811
NVD VulDB
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-11844 MEDIUM PATCH This Month

Arbitrary file read via path traversal in IEI Integration Corp's iVEC TANK-XM811 edge computing platform exposes sensitive system files to privileged remote attackers. The CVSS 4.0 vector (AV:N/PR:H/VC:H) confirms network-accessible exploitation requiring high-privilege credentials, with full confidentiality impact on the vulnerable system and no integrity or availability impact. No public exploit code or CISA KEV listing is identified at time of analysis; the vulnerability was reported by Taiwan CERT (TWCERT) and affects all known firmware versions per CPE wildcard.

Path Traversal Ivec Tank Xm811
NVD
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Path traversal in IEI Integration Corp's iVEC TANK-XM811 Virtualization Edge Computer enables authenticated remote attackers to create directories at arbitrary system paths outside the application's intended scope. The flaw (CWE-22) resides in the network-accessible management interface, where user-supplied path input is not sufficiently sanitized before use in filesystem operations. No public exploit code or active exploitation has been identified at time of analysis, and the impact is constrained to unauthorized directory creation rather than file read, write, or code execution.

Path Traversal Ivec Tank Xm811
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Arbitrary file deletion in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (Tank-XM811 platform) allows authenticated remote attackers to delete arbitrary system files or directories via path traversal, leading to data destruction and service disruption. The flaw was reported through Taiwan's TWCERT coordination process and carries a CVSS 4.0 base score of 7.2 (High) driven by integrity and availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal Ivec Tank Xm811
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

OS command injection in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer (iVEC TANK-XM811) allows privileged remote attackers to inject and execute arbitrary operating system commands on the affected device. The flaw was disclosed via Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.6, with no public exploit identified at time of analysis. Because exploitation requires high privileges, the issue represents a post-authentication path to full device compromise rather than an unauthenticated remote takeover.

Command Injection Ivec Tank Xm811
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Arbitrary file read via path traversal in IEI Integration Corp's iVEC TANK-XM811 edge computing platform exposes sensitive system files to privileged remote attackers. The CVSS 4.0 vector (AV:N/PR:H/VC:H) confirms network-accessible exploitation requiring high-privilege credentials, with full confidentiality impact on the vulnerable system and no integrity or availability impact. No public exploit code or CISA KEV listing is identified at time of analysis; the vulnerability was reported by Taiwan CERT (TWCERT) and affects all known firmware versions per CPE wildcard.

Path Traversal Ivec Tank Xm811
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy