Anviz Cx7 Firmware
Monthly
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.
Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.
Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23) to overwrite system files such as /etc/shadow, enabling unauthorized SSH access when combined with debug setting modifications. The vulnerability requires high-privilege authentication but poses significant risk in environments where administrative accounts are compromised or untrusted administrators have access.
Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.
Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive operational imagery without requiring authentication or user interaction. Network-accessible instances are at immediate risk of information disclosure; the vulnerability affects all versions of Anviz CX7 Firmware. No public exploit code or active KEV listing identified at time of analysis, but the trivial exploitation requirements (network access, no authentication, no complexity) combined with CISA ICS advisory issuance (ICSA-26-106-03) indicate material risk in operational technology environments.
Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST request, exposing visual information about the physical deployment environment without authentication. The vulnerability affects all versions of Anviz CX7 Firmware and is tracked in CISA industrial control systems advisories, indicating deployment in operational technology environments. With a CVSS score of 5.3 (network-accessible, no authentication required, low complexity), this represents a confidentiality breach suitable for reconnaissance or social engineering in sensitive facilities.
Remote code execution in Anviz CX2 Lite and CX7 access control devices allows authenticated attackers to upload malicious firmware update packages that execute arbitrary scripts without verification. Reported by ICS-CERT, targeting physical access control systems commonly deployed in enterprise and critical infrastructure environments. CVSS 8.8 indicates high impact across confidentiality, integrity, and availability once low-privilege authentication is obtained. No public exploit confirmed at time of analysis, but the attack vector is straightforward for authenticated users.
Unauthenticated remote firmware upload in Anviz CX2 Lite and CX7 access control devices allows complete device takeover with reverse shell access. Attackers can remotely upload malicious firmware archives without authentication (CVSS 9.8, AV:N/AC:L/PR:N/UI:N), enabling arbitrary code execution with full system privileges. Reported by ICS-CERT, affecting industrial/physical access control deployments. No EPSS or KEV data provided, but the authentication bypass (CWE-306) combined with network accessibility makes this a critical exposure for internet-facing or network-accessible devices.
Remote unauthenticated attackers can modify debug settings on Anviz CX2 Lite and CX7 physical access control systems, including enabling SSH access, via unprotected POST requests. This authentication bypass (CWE-306) allows adversaries to alter device security configurations without credentials, creating persistent attack vectors for subsequent compromise. Reported by ICS-CERT, affecting operational technology environments where these access control devices manage facility security. No public exploit code identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N). EPSS data not available, not currently in CISA KEV.
Unauthenticated remote attackers can access debug configuration endpoints on Anviz CX2 Lite and CX7 devices without credentials, exposing SSH and RTTY status information that facilitates reconnaissance. The vulnerability exists in network-accessible endpoints that return sensitive debug data, affecting both device models across all firmware versions.
Anviz CX2 Lite and CX7 devices transmit administrative sessions over unencrypted HTTP, allowing on-path attackers to intercept and steal credentials and session tokens without authentication or user interaction beyond the legitimate admin connecting to the device. This breaks confidentiality of administrative access, enabling complete device compromise. CVSS 6.5 reflects the high confidentiality impact but lack of authentication barrier; exploitation is straightforward given network access to the device.
Anviz CX7 Firmware allows authenticated administrators to upload malicious CSV files that exploit path traversal (CWE-23) to overwrite system files such as /etc/shadow, enabling unauthorized SSH access when combined with debug setting modifications. The vulnerability requires high-privilege authentication but poses significant risk in environments where administrative accounts are compromised or untrusted administrators have access.
Hardcoded cryptographic credentials in Anviz CX7 physical access control firmware allow local attackers to decrypt intercepted MQTT communications and forge device messages across multiple installations. CISA ICS-CERT reported this vulnerability affecting industrial access control systems. CVSS 7.7 reflects high confidentiality and integrity impact through credential compromise, though exploitation requires local access to extract embedded certificates. No active exploitation confirmed via CISA KEV at time of analysis, but credential reuse across device fleet creates scalable attack surface once initial key extraction occurs.
Anviz CX7 Firmware allows unauthenticated remote retrieval of the most recently captured test photo, exposing sensitive operational imagery without requiring authentication or user interaction. Network-accessible instances are at immediate risk of information disclosure; the vulnerability affects all versions of Anviz CX7 Firmware. No public exploit code or active KEV listing identified at time of analysis, but the trivial exploitation requirements (network access, no authentication, no complexity) combined with CISA ICS advisory issuance (ICSA-26-106-03) indicate material risk in operational technology environments.
Unauthenticated remote attackers can capture photos using the front-facing camera on Anviz CX7 devices via a direct POST request, exposing visual information about the physical deployment environment without authentication. The vulnerability affects all versions of Anviz CX7 Firmware and is tracked in CISA industrial control systems advisories, indicating deployment in operational technology environments. With a CVSS score of 5.3 (network-accessible, no authentication required, low complexity), this represents a confidentiality breach suitable for reconnaissance or social engineering in sensitive facilities.