The iVEC-IEI Virtualization Edge Computer (iVEC TANK-XM811) contains a path traversal vulnerability (CWE-22) that allows authenticated remote attackers to create directories outside of intended restricted directories. This occurs because the product does not properly limit pathname inputs to restricted directories, enabling directory creation in unintended system paths. The CVSS 4.0 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, and limited privileges required. No vendor advisory or patch information is currently available, and no known exploits have been reported.

An authenticated remote attacker with limited privileges can exploit this vulnerability to create directories in arbitrary locations on the affected system. This may lead to unauthorized modification of the filesystem structure, potentially facilitating further attacks or system misuse. There is no indication of privilege escalation, code execution, or data disclosure directly from this vulnerability based on the provided information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict authenticated access to the device to trusted users only and monitor for unusual directory creation activities. No official remediation or temporary fix has been published by the vendor at this time.