Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device.
AnalysisAI
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.
Technical ContextAI
This vulnerability exploits insufficient access control on administrative or debug endpoints in Anviz biometric/access control devices. The underlying issue is classified as CWE-862 (Missing Authorization), indicating that the application fails to implement proper authentication checks before disclosing sensitive configuration data. Anviz CX2 Lite and CX7 are networked access control and time attendance devices commonly deployed in enterprise environments. The debug endpoints leak information about RTTY (remote terminal) and SSH service status, which are typically restricted to authenticated administrative users. The vulnerability is likely in web-based management interfaces or API endpoints that do not validate authentication tokens or session credentials before returning configuration objects.
RemediationAI
Contact Anviz via https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03 for vendor-provided patch details and firmware updates, as no specific patched version is currently documented in the CVE record. Until a vendor fix is deployed, implement network segmentation to restrict access to Anviz device management interfaces using firewall rules - block inbound access to management ports (typically HTTP/HTTPS, SSH) from untrusted networks and limit administrative access to a whitelist of trusted administrator IP addresses or VPN subnets. Disable RTTY and SSH services if they are not operationally required, as these features create secondary attack surfaces once debug information is disclosed. Monitor network traffic to and from Anviz devices for unusual API queries or repeated requests to debug endpoints using intrusion detection signatures or SIEM rules targeting the device's management interface. Apply the official firmware update from Anviz immediately upon release; maintain an inventory of deployed CX2 Lite and CX7 devices to ensure no systems are missed during patching.
More in Anviz Cx7 Firmware
View allUnauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload maliciou
Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt inter
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, in
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to int
Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive
Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST
Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23478