Medium severity6.5NVD Advisory· Published Apr 17, 2026· Updated May 4, 2026

CVE-2026-33569

Description

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

Affected products

Anviz/Cx2 Lite Firmware
cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*
Anviz/Cx7 Firmware
cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.jsonnvdThird Party Advisory
www.anviz.com/contact-us.htmlnvdProduct
www.cisa.gov/news-events/ics-advisories/icsa-26-106-03nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000