Anviz Cx2_lite_firmware
6 CVEs affecting Anviz Cx2_lite_firmware. Latest disclosed: 2026-04-17. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35546 | Critical | 9.8 | 2026-04-17 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execut… |
CVE-2026-40066 | High | 8.8 | 2026-04-17 | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticate… |
CVE-2026-35682 | High | 8.8 | 2026-04-17 | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd)… |
CVE-2026-40461 | High | 7.5 | 2026-04-17 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes th… |
CVE-2026-33569 | Medium | 6.5 | 2026-04-17 | Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compro… |
CVE-2026-32648 | Medium | 5.3 | 2026-04-17 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in re… |