Skip to main content

Anviz Cx7 Firmware CVE-2026-31927

| EUVDEUVD-2026-23470 MEDIUM
Relative Path Traversal (CWE-23)
2026-04-17 icscert
4.9
CVSS 3.1 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (icscert) · only source for this CVE.

CVSS VectorVendor: icscert

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Apr 17, 2026 - 20:08 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 19:45 euvd
EUVD-2026-23470
Analysis Generated
Apr 17, 2026 - 19:45 vuln.today
CVE Published
Apr 17, 2026 - 19:24 nvd
MEDIUM 4.9

DescriptionCVE.org

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes

AnalysisAI

Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23) to overwrite system files such as /etc/shadow, enabling unauthorized SSH access when combined with debug setting modifications. The vulnerability requires high-privilege authentication but poses significant risk in environments where administrative accounts are compromised or untrusted administrators have access.

Technical ContextAI

The vulnerability exists in Anviz CX7 Firmware's CSV upload functionality, which fails to properly validate or sanitize file paths before processing uploaded content. The path traversal flaw (CWE-23) allows an authenticated attacker to use relative path sequences (e.g., ../ or absolute paths) within CSV file processing to write files outside the intended upload directory. When combined with the ability to modify debug settings, attackers can escalate impact by overwriting critical system files like /etc/shadow (Linux password database) to create unauthorized user accounts or reset root credentials, thereby gaining SSH access. The affected product is identified via CPE as Anviz CX7 Firmware across all versions, suggesting the vulnerability affects the entire product line.

RemediationAI

Contact Anviz support for a patched firmware version addressing CVE-2026-31927 via the vendor contact page at https://www.anviz.com/contact-us.html or consult the CISA ICS Advisory ICSA-26-106-03 for detailed remediation guidance. In the interim, implement the following compensating controls: (1) Restrict CSV upload functionality to physically isolated networks or disable the feature if not operationally required (trade-off: loss of bulk import capability); (2) implement strict role-based access control limiting CSV upload permissions only to dedicated administrative accounts with auditable access; (3) disable debug mode features entirely or restrict their modification to authenticated users via separate high-assurance channels; (4) monitor /etc/shadow and other critical system files for unauthorized modifications using file integrity monitoring (FIM) tools, enabling rapid detection of exploitation attempts. Regularly audit administrator account access logs and restrict SSH to key-based authentication to limit the impact of compromised passwords.

Share

CVE-2026-31927 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy