CVE-2026-11846
7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IEI Integration Corp | iVEC TANK-XM811 | 0 < 1.0.4 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.twcert.org.tw/tw/cp-132-10969-4c4e2-1.html
- https://www.twcert.org.tw/en/cp-139-10970-e4b21-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.