Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-31927 | 1 Anviz | 2 Cx7, Cx7 Firmware | 2026-05-04 | N/A | 4.9 MEDIUM |
| Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes | |||||
| CVE-2026-32324 | 1 Anviz | 2 Cx7, Cx7 Firmware | 2026-05-04 | N/A | 7.7 HIGH |
| Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale. | |||||
| CVE-2026-32648 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 5.3 MEDIUM |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||||
| CVE-2026-33093 | 1 Anviz | 2 Cx7, Cx7 Firmware | 2026-05-04 | N/A | 5.3 MEDIUM |
| Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||||
| CVE-2026-33569 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 6.5 MEDIUM |
| Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |||||
| CVE-2026-35061 | 1 Anviz | 2 Cx7, Cx7 Firmware | 2026-05-04 | N/A | 5.3 MEDIUM |
| Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||||
| CVE-2026-35546 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 9.8 CRITICAL |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. | |||||
| CVE-2026-40066 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 8.8 HIGH |
| Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | |||||
| CVE-2026-40461 | 1 Anviz | 4 Cx2 Lite, Cx2 Lite Firmware, Cx7 and 1 more | 2026-05-04 | N/A | 7.5 HIGH |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise. | |||||