Description
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
Published: 2026-04-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized database credentials exposure leading to unauthorized database access
Action: Contact Vendor
AI Analysis

Impact

This vulnerability allows an attacker to manipulate the TDS7 PreLogin negotiation of Anviz CrossChex Standard so that encryption is disabled. As a result, database credentials are transmitted in clear text, enabling the attacker to capture them and gain unauthorized access to the backend database. The weakness is categorized as CWE-757 (algorithm downgrade during negotiation), because the encryption setting negotiated in PreLogin can be forced to a less secure option.

Affected Systems

The affected product is Anviz CrossChex Standard. No specific version information was disclosed, so all deployed installations of this product should be considered at risk until further notice.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, but the EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through the device’s network interface that processes TDS7 PreLogin messages; an adversary would need to transmit a crafted packet or intercept traffic to override the encryption setting. Given the lack of publicly available exploits, the immediate risk remains limited, yet the potential for credential theft warrants prompt action.

Generated by OpenCVE AI on April 18, 2026 at 09:03 UTC.

Remediation

Vendor Workaround

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.


OpenCVE Recommended Actions

  • Contact Anviz for guidance on disabling the insecure PreLogin modification and any available firmware fix.
  • Apply any vendor‑supplied firmware or configuration update that enforces encryption during the PreLogin phase to prevent downgrade attacks.
  • Restrict network access to the device with firewall rules or IDS signatures that detect and block attempts to alter the PreLogin encryption flag, and monitor for unexpected clear‑text credential traffic.
  • Verify that the device’s configuration requires encryption by default and that clients cannot override this setting, ensuring compliance with secure algorithm usage.

Generated by OpenCVE AI on April 18, 2026 at 09:03 UTC.
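The monitoring step in the recommended actions (detecting a PreLogin encryption downgrade in traffic) can be implemented by decoding the ENCRYPTION option of both sides' PRELOGIN packets and checking the negotiated outcome. The following is an added example, not code from the advisory, OpenCVE or Anviz; it assumes the MS-TDS PRELOGIN layout (8-byte packet header, option table of token/offset/length entries terminated by 0xFF, offsets relative to the payload) and builds its own constructed sample packets as input.

```python
import struct

# PRELOGIN option token and ENCRYPTION values as defined in MS-TDS
PL_ENCRYPTION, PL_TERMINATOR = 0x01, 0xFF
ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP, ENCRYPT_REQ = 0x00, 0x01, 0x02, 0x03
ENC_NAMES = {0: "ENCRYPT_OFF", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}

# Client/server ENCRYPTION pairs whose MS-TDS outcome sends LOGIN7 (the credentials) unencrypted.
CLEAR_LOGIN = {(ENCRYPT_OFF, ENCRYPT_NOT_SUP), (ENCRYPT_NOT_SUP, ENCRYPT_OFF),
               (ENCRYPT_NOT_SUP, ENCRYPT_NOT_SUP)}


def prelogin_encryption(packet: bytes):
    """Return the ENCRYPTION option byte of a TDS PRELOGIN packet (header included), or None."""
    # 0x12 = client PRELOGIN packet type; the server answers PRELOGIN in a 0x04 (tabular result) packet
    if len(packet) < 8 or packet[0] not in (0x12, 0x04):
        return None
    payload = packet[8:]                            # option offsets are relative to the payload
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != PL_TERMINATOR:
        token, offset, length = struct.unpack_from(">BHH", payload, pos)
        if token == PL_ENCRYPTION and length == 1 and offset < len(payload):
            return payload[offset]
        pos += 5
    return None


def audit_prelogin(client_pkt: bytes, server_pkt: bytes) -> dict:
    """Classify a captured client/server PRELOGIN pair; 'downgrade' is True when credentials go in clear."""
    c, s = prelogin_encryption(client_pkt), prelogin_encryption(server_pkt)
    return {"client": ENC_NAMES.get(c, "unknown"), "server": ENC_NAMES.get(s, "unknown"),
            "downgrade": (c, s) in CLEAR_LOGIN}


def build_prelogin(encryption: int, ptype: int = 0x12) -> bytes:
    """Constructed sample PRELOGIN (VERSION + ENCRYPTION options only) used as offline test input."""
    opts = (struct.pack(">BHH", 0x00, 11, 6)              # VERSION at payload offset 11, 6 bytes
            + struct.pack(">BHH", PL_ENCRYPTION, 17, 1)   # ENCRYPTION at payload offset 17, 1 byte
            + bytes([PL_TERMINATOR]))
    payload = opts + bytes([0x0C, 0x00, 0x07, 0xD0, 0x00, 0x00]) + bytes([encryption])
    # header: type, status (EOM), length incl. header, SPID, packet id, window
    header = struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0)
    return header + payload


if __name__ == "__main__":
    # A healthy negotiation versus the pair a monitor should alert on.
    print(audit_prelogin(build_prelogin(ENCRYPT_ON), build_prelogin(ENCRYPT_ON, 0x04)))
    print(audit_prelogin(build_prelogin(ENCRYPT_NOT_SUP), build_prelogin(ENCRYPT_NOT_SUP, 0x04)))
```

In a live deployment the two packets would come from a capture of the client's first message and the server's first reply on the SQL Server port; any pair flagged as a downgrade, or a server reply that differs from what the server normally sends, is worth an alert.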

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 20:15:00 +0000

Type: Description
Values added: Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

Type: Title
Values added: Anviz CrossChex Standard Algorithm Downgrade

Type: Weaknesses
Values added: CWE-757

Type: References
Values added: (none)

Type: Metrics
Values added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-17T20:26:17.922Z

Reserved: 2026-04-14T15:42:14.116Z

Link: CVE-2026-32650

Vulnrichment

Updated: 2026-04-17T20:26:11.187Z

NVD

Status : Received

Published: 2026-04-17T20:16:34.360

Modified: 2026-04-17T20:16:34.360

Link: CVE-2026-32650

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses