Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery.
AnalysisAI
Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive operational imagery without requiring authentication or user interaction. Network-accessible instances are at immediate risk of information disclosure; the vulnerability affects all versions of Anviz CX7 Firmware. No public exploit code or active KEV listing identified at time of analysis, but the trivial exploitation requirements (network access, no authentication, no complexity) combined with CISA ICS advisory issuance (ICSA-26-106-03) indicate material risk in operational technology environments.
Technical ContextAI
Anviz CX7 is a biometric access control device used in physical security deployments. The vulnerability stems from missing authentication controls on an endpoint that serves photo data-specifically, the retrieval mechanism for test photos lacks authorization checks (CWE-862: Missing Authorization). The device exposes this functionality over the network (AV:N) with no additional complexity or user interaction required, suggesting the endpoint is either directly web-accessible or exposed through an unprotected API. The weakness allows any network-connected attacker to enumerate and download operational imagery captured during device testing or calibration, potentially revealing facility layouts, personnel, or other sensitive context.
RemediationAI
Apply the security patch provided by Anviz in response to CISA ICSA-26-106-03; specific patched firmware versions are listed in the advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03. Upgrade Anviz CX7 devices to the latest firmware as recommended by the vendor. As interim compensating controls, restrict network access to the device's web interface and photo retrieval endpoints using firewall rules or network segmentation; disable or restrict photo capture/test features if operationally feasible; and implement network-level authentication (e.g., VPN, reverse proxy with access control) in front of the device. Verify that the device is not accessible from untrusted networks (internet, guest networks, or adjacent subnets). Note that network segmentation is a standard OT practice and should not degrade facility operations, but disabling photo features may impact device diagnostics and calibration-coordinate with facility management and Anviz support before implementing feature-level restrictions.
More in Anviz Cx7 Firmware
View allUnauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload maliciou
Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt inter
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, in
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to int
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without cred
Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST
Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23488