Skip to main content

Anviz Cx7 Firmware

9 CVEs product

Monthly

CVE-2026-40066 HIGH CISA Act Now

Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.

RCE Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-35546 CRITICAL CISA Emergency

Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
Threat
4.0
CVE-2026-40461 HIGH CISA Act Now

Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32648 MEDIUM CISA This Month

Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33569 MEDIUM CISA This Month

Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.

Information Disclosure Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31927 MEDIUM CISA This Month

Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23) to overwrite system files such as /etc/shadow, enabling unauthorized SSH access when combined with debug setting modifications. The vulnerability requires high-privilege authentication but poses significant risk in environments where administrative accounts are compromised or untrusted administrators have access.

Path Traversal Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-32324 HIGH CISA Act Now

Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.

Information Disclosure Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-35061 MEDIUM CISA This Month

Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive operational imagery without requiring authentication or user interaction. Network-accessible instances are at immediate risk of information disclosure; the vulnerability affects all versions of Anviz CX7 Firmware. No public exploit code or active KEV listing identified at time of analysis, but the trivial exploitation requirements (network access, no authentication, no complexity) combined with CISA ICS advisory issuance (ICSA-26-106-03) indicate material risk in operational technology environments.

Authentication Bypass Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33093 MEDIUM CISA This Month

Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST request, exposing visual information about the physical deployment environment without authentication. The vulnerability affects all versions of Anviz CX7 Firmware and is tracked in CISA industrial control systems advisories, indicating deployment in operational technology environments. With a CVSS score of 5.3 (network-accessible, no authentication required, low complexity), this represents a confidentiality breach suitable for reconnaissance or social engineering in sensitive facilities.

Authentication Bypass Anviz Cx7 Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH Act Now

Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.

RCE Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% 4.0 CVSS 9.8
CRITICAL Emergency

Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH Act Now

Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.

Authentication Bypass Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.

Information Disclosure Anviz Cx7 Firmware Anviz Cx2 Lite Firmware
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23) to overwrite system files such as /etc/shadow, enabling unauthorized SSH access when combined with debug setting modifications. The vulnerability requires high-privilege authentication but poses significant risk in environments where administrative accounts are compromised or untrusted administrators have access.

Path Traversal Anviz Cx7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH Act Now

Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.

Information Disclosure Anviz Cx7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive operational imagery without requiring authentication or user interaction. Network-accessible instances are at immediate risk of information disclosure; the vulnerability affects all versions of Anviz CX7 Firmware. No public exploit code or active KEV listing identified at time of analysis, but the trivial exploitation requirements (network access, no authentication, no complexity) combined with CISA ICS advisory issuance (ICSA-26-106-03) indicate material risk in operational technology environments.

Authentication Bypass Anviz Cx7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST request, exposing visual information about the physical deployment environment without authentication. The vulnerability affects all versions of Anviz CX7 Firmware and is tracked in CISA industrial control systems advisories, indicating deployment in operational technology environments. With a CVSS score of 5.3 (network-accessible, no authentication required, low complexity), this represents a confidentiality breach suitable for reconnaissance or social engineering in sensitive facilities.

Authentication Bypass Anviz Cx7 Firmware
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy