Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment.
AnalysisAI
Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST request, exposing visual information about the physical deployment environment without authentication. The vulnerability affects all versions of Anviz CX7 Firmware and is tracked in CISA industrial control systems advisories, indicating deployment in operational technology environments. With a CVSS score of 5.3 (network-accessible, no authentication required, low complexity), this represents a confidentiality breach suitable for reconnaissance or social engineering in sensitive facilities.
Technical ContextAI
Anviz CX7 is a biometric access control device commonly deployed in physical security systems and operational technology environments. The vulnerability stems from an authentication bypass (CWE-862: Missing Authorization) in the device's REST API or web service layer. The firmware exposes an endpoint that accepts unauthenticated POST requests to trigger camera functionality, typically used for authorized personnel enrollment or legitimate surveillance but here unprotected by access controls. The affected product runs on embedded firmware (CPE indicates all versions of anviz_cx7_firmware), meaning the vulnerability is likely baked into the device's boot image and difficult to remediate without full firmware replacement. The device's front-facing camera-designed for biometric capture and identity verification-becomes a reconnaissance tool when the authorization check is missing.
RemediationAI
Contact Anviz through https://www.anviz.com/contact-us.html to obtain a patched firmware version addressing the authentication bypass. Immediately restrict network access to Anviz CX7 management interfaces by implementing strict network segmentation: place devices on a dedicated VLAN with access controls allowing only authorized management stations and block all unauthenticated access from general network segments or the Internet. Disable or restrict the camera capture API endpoint at the firewall or through any device-level access control lists if the management interface supports granular feature disabling. For interim protection, physically isolate devices on a management-only network without spanning to operational networks, though this limits device usability and is not a long-term solution. Review device logs (if available) for unauthorized POST requests to camera endpoints to identify potential prior reconnaissance. Once a patched firmware version is released by Anviz, prioritize its deployment to all CX7 devices, especially those in sensitive facilities.
More in Anviz Cx7 Firmware
View allUnauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload maliciou
Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt inter
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, in
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to int
Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without cred
Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23480
GHSA-vh49-38wc-6wqp