Browse all 4 CVE security advisories affecting Elvaco. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Elvaco specializes in IoT solutions for smart buildings and utilities, focusing on remote monitoring and management systems. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from inadequate input validation and insecure default configurations. While no major public security incidents have been widely reported, the four documented CVEs highlight persistent issues in web interfaces and communication protocols that could allow unauthorized access or system compromise. Their security posture appears typical for IoT vendors, with vulnerabilities primarily affecting exposed network services rather than core functionality.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49399 | Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100 — M-Bus Metering Gateway CMe3100CWE-306 | 9.1AI | CriticalAI | 2024-10-17 |
| CVE-2024-49398 | Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100 — M-Bus Metering Gateway CMe3100CWE-434 | 9.8AI | CriticalAI | 2024-10-17 |
| CVE-2024-49397 | Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100 — M-Bus Metering Gateway CMe3100CWE-79 | 6.1AI | MediumAI | 2024-10-17 |
| CVE-2024-49396 | Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100 — M-Bus Metering Gateway CMe3100CWE-522 | 5.3AI | MediumAI | 2024-10-17 |
This page lists every published CVE security advisory associated with Elvaco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.