How to fix CVE-2026-32324?

CVE-2026-32324

EUVD-2026-23476 HIGH

2026-04-17 icscert

Information Disclosure

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 20:22 vuln.today

cvss_changed

Analysis Generated

Apr 17, 2026 - 20:06 vuln.today

DescriptionNVD

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.

AnalysisAI

Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. …

RemediationAI

Within 24 hours: Inventory all Anviz CX7 deployments and document network segmentation of MQTT infrastructure. Within 7 days: Implement network-level monitoring for unauthorized MQTT message patterns and restrict local physical access to devices pending remediation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32324 vulnerability details – vuln.today

Back

CVE-2026-32324

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code