Vendor
Anviz
Products
4
CVEs
12
Across products
18
Status
Private
Products
4- 9 CVEs
- 6 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
12| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35546 | Cri | 0.64 | 9.8 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. | |
| CVE-2026-40066 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | |
| CVE-2026-35682 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | |
| CVE-2026-40434 | Hig | 0.53 | 8.1 | 0.00 | Apr 17, 2026 | Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. | |
| CVE-2026-32324 | Hig | 0.50 | 7.7 | 0.00 | Apr 17, 2026 | Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale. | |
| CVE-2026-40461 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise. | |
| CVE-2026-32650 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2026 | Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. | |
| CVE-2026-33569 | Med | 0.42 | 6.5 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |
| CVE-2026-35061 | Med | 0.34 | 5.3 | 0.00 | Apr 17, 2026 | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |
| CVE-2026-33093 | Med | 0.34 | 5.3 | 0.00 | Apr 17, 2026 | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |
| CVE-2026-32648 | Med | 0.34 | 5.3 | 0.00 | Apr 17, 2026 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |
| CVE-2026-31927 | Med | 0.32 | 4.9 | 0.00 | Apr 17, 2026 | Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes |