Anviz Cx2 Lite Firmware
Monthly
Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.
Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.
Command injection in Anviz CX2 Lite firmware allows authenticated attackers with low-privilege network access to execute arbitrary OS commands as root by manipulating a filename parameter, enabling full device compromise including persistent backdoor installation (e.g., telnetd service). This ICS-focused access control device vulnerability was reported by ICS-CERT, indicating deployment in critical infrastructure environments. No EPSS data or CISA KEV listing at time of analysis, but authentication requirement (PR:L) may limit mass exploitation while enabling insider threat scenarios.
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.
Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.