CVE-2026-33569

EUVD-2026-23484 MEDIUM

Cleartext Transmission of Sensitive Information (CWE-319)

2026-04-17 icscert

GHSA-pxw3-r2m4-c5m3

Information Disclosure

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 17, 2026 - 20:08 vuln.today

DescriptionNVD

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

AnalysisAI

Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33569 vulnerability details – vuln.today

Back

CVE-2026-33569

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code