Description
The 
iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.
Published: 2026-06-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The iVEC‑IEI Virtualization Edge Computer has a path traversal weakness (CWE‑22) that lets an authenticated remote attacker create directories in unintended system paths. This can alter the server file structure, potentially enable further compromise, and compromise the integrity of the system.

Affected Systems

IEI Integration Corp: iVEC TANK‑XM811 virtualization edge computer.

Risk and Exploitability

The vulnerability has a CVSS score of 5.3, indicating moderate severity. EPSS information is not available and the issue is not listed in the CISA KEV catalog. The attack requires valid authentication, suggesting that the risk is primarily to users who have legitimate remote administrative access. Exploits would first create directories in protected areas, which could be leveraged to install additional malicious components or facilitate privilege escalation.

Generated by OpenCVE AI on June 12, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade the iVEC TANK‑XM811 firmware to a version that fixes the path traversal flaw.
  • If a patch is not yet available, disable or restrict remote administration on the device and enforce least‑privilege account policies so that only trusted users can authenticate to modify the file system.
  • When operating without a patch, configure the system to validate and sanitize all user‑supplied file paths, and set file‑write permissions so that only essential system processes can write to protected directories.

Generated by OpenCVE AI on June 12, 2026 at 10:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Iei Integration Corp
Iei Integration Corp ivec Tank-xm811
Vendors & Products Iei Integration Corp
Iei Integration Corp ivec Tank-xm811

Fri, 12 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.
Title Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Iei Integration Corp Ivec Tank-xm811
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-06-12T10:49:24.055Z

Reserved: 2026-06-10T07:51:00.787Z

Link: CVE-2026-11847

cve-icon Vulnrichment

Updated: 2026-06-12T10:49:17.957Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T10:16:21.890

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11847

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:47Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')