Anviz CX2 Lite and CX7 firmware are vulnerable to unauthenticated remote code execution through unverified update packages.
Claims
Anviz CX2 Lite and CX7 firmware are vulnerable to unauthenticated remote code execution through unverified update packages.
Parent: Anviz CX2 Lite and CX7 FirmwareEntity: Unauthenticated Remote Code ExecutionImpact: negativeDate: Apr 17, 2026Target: Anviz CX2 Lite and CX7 firmware
Anviz CX2 Lite and CX7 firmware use HTTP for administrative sessions, allowing on-path attackers to intercept credentials and session data.
Parent: Anviz CX2 Lite and CX7 FirmwareEntity: Insecure Communication ProtocolsImpact: negativeDate: Apr 17, 2026Target: Anviz CX2 Lite and CX7 firmware
Anviz CX2 Lite and CX7 firmware are vulnerable to unauthenticated firmware uploads, enabling attackers to plant and execute code.
Parent: Anviz CX2 Lite and CX7 FirmwareEntity: Firmware Upload VulnerabilitiesImpact: negativeDate: Apr 17, 2026Target: Anviz CX2 Lite and CX7 firmware
Source posts
π¨ EUVD-2026-23498
π Score: 7.5/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware, Anviz CX2 Lite Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23498
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23480
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures
a photo with the front facing camera, exposing visual information about
the deployment environment.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23480
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23488
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be
retrieved without authentication, revealing sensitive operational
imagery.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23488
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23476
π Score: 7.7/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX7 Firmware is
vulnerable because the application embeds reusable certificate/key
material, enabling decryption of MQTT traffic and potential interaction
with device messaging channels at scale.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23476
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23470
π Score: 4.9/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal
to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized
SSH access when combined with debugβsetting changes
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23470
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23484
π Score: 6.5/10 (CVSS v3.1)
π¦ Product: Anviz CX2 Lite Firmware, Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling
onβpath attackers to sniff credentials and session data, which can be
used to compromise the device.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23484
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23478
π Score: 5.3/10 (CVSS v3.1)
π¦ Product: Anviz CX2 Lite Firmware, Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug
configuration details (e.g., SSH/RTTY status), assisting attackers in
reconnaissance against the device.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23478
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23492
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: Anviz CX7 Firmware, Anviz CX2 Lite Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23492
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
π¨ EUVD-2026-23494
π Score: 8.8/10 (CVSS v3.1)
π¦ Product: Anviz CX2 Lite Firmware, Anviz CX7 Firmware
π’ Vendor: Anviz
π
Updated: 2026-04-17
π Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The
device unpacks and executes a script resulting in unauthenticated remote
code execution.
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23494
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts Β· 0 favs Β· 0 replies Β· Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability