What is the CVSS score of CVE-2026-35682?

CVE-2026-35682 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Anviz CX2 Lite are affected by CVE-2026-35682?

CVE-2026-35682 affects Anviz CX2 Lite access control devices deployed in critical infrastructure, permitting authenticated users with low privileges to execute arbitrary commands as root and…

Anviz CX2 Lite CVE-2026-35682

EUVD-2026-23521 HIGH

Command Injection (CWE-77)

2026-04-17 icscert

Command Injection

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 17, 2026 - 20:37 vuln.today

EUVD ID Assigned

Apr 17, 2026 - 20:15 euvd

EUVD-2026-23521

Analysis Generated

Apr 17, 2026 - 20:15 vuln.today

CVE Published

Apr 17, 2026 - 19:46 nvd

HIGH 8.8

DescriptionNVD

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.

AnalysisAI

Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. …

RemediationAI

Within 24 hours: Inventory all Anviz CX2 Lite devices in production and document firmware versions; restrict network access to these devices to named administrator accounts only. Within 7 days: Contact Anviz for patch availability and timeline; implement network segmentation isolating access control systems from general IT networks; disable unnecessary remote management protocols. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-35682 vulnerability details – vuln.today

Back

Anviz CX2 Lite CVE-2026-35682

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code