CVE-2026-31927 - Vulnerability Details

- Anviz CX7 Firmware Relative Path Traversal

Description

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal
to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized
SSH access when combined with debug‑setting changes

Published: 2026-04-17

Score: 4.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Anviz CX7 Firmware is vulnerable through an authenticated CSV upload feature. The flaw allows an attacker to supply file paths containing traversal characters, enabling the overwrite of any file referenced by the device, such as /etc/shadow. By modifying critical system files and combining this capability with changes to debug settings, an attacker can gain unauthorized SSH access and potentially control the device. This represents a form of remote code execution or privilege escalation for authenticated users.

Affected Systems

The affected product is Anviz CX7 Firmware. No specific version information is available, so all released firmware editions should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.9 indicates a moderate level of severity. Because the EPSS score is not available, no current exploitation probability has been quantified, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector requires authenticated access to the CSV upload endpoint, but once accessed it can overwrite arbitrary files, making it highly impactful if exploited. Organizations should treat this as a moderate risk pending a vendor fix.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Anviz

Anviz CX7 Firmware

unaffected

Version	Status	Constraints
`All versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:anviz:cx7:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Anviz

Anviz Cx7 Firmware

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Workaround

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.

OpenCVE Recommended Actions

Contact Anviz support at https://www.anviz.com/contact-us.html to request a patch or detailed mitigation guidance.
Restrict CSV upload access to the minimum set of trusted users, and disable the feature entirely if it is not required for operations.
Configure input validation or enforce path restrictions on uploads so that filenames containing ".." or absolute paths are rejected; if the firmware does not support this, use network policies to block the upload service from directories containing critical system files.
Audit device logs for unexpected file modifications and consider disabling debug setting changes or SSH access to limit potential damage until a vendor fix is applied.

Generated by OpenCVE AI on April 18, 2026 at 09:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

History

Mon, 04 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Anviz cx7 Anviz cx7 Firmware
CPEs		cpe:2.3:h:anviz:cx7:-:::::::* cpe:2.3:o:anviz:cx7_firmware:-:::::::*
Vendors & Products		Anviz cx7 Anviz cx7 Firmware

Fri, 17 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 17 Apr 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Anviz Anviz anviz Cx7 Firmware
Vendors & Products		Anviz Anviz anviz Cx7 Firmware

Fri, 17 Apr 2026 19:45:00 +0000

Type	Values Removed	Values Added
Description		Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes
Title		Anviz CX7 Firmware Relative Path Traversal
Weaknesses		CWE-23
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json https://www.anviz.com/contact-us.html https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}`

Subscriptions

Anviz Anviz Cx7 Firmware Cx7 Cx7 Firmware

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-04-17T19:24:53.893Z

Updated: 2026-04-17T20:34:41.679Z

Reserved: 2026-04-14T15:42:14.030Z

Link: CVE-2026-31927

Vulnrichment

Updated: 2026-04-17T20:34:33.930Z

NVD

Status : Analyzed

Published: 2026-04-17T20:16:33.370

Modified: 2026-05-04T14:32:05.370

Link: CVE-2026-31927

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses

CWE-23

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object