Description
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling
on‑path attackers to sniff credentials and session data, which can be
used to compromise the device.
Published: 2026-04-17
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Exposure
Action: Contact Vendor
AI Analysis

Impact

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, allowing attackers to sniff credentials and session data. This cleartext transmission of sensitive information can lead to a compromise of the device, enabling an attacker to obtain administrative control. The weakness is CWE‑319, which directly threatens confidentiality by exposing authentication data.

Affected Systems

The vulnerability affects Anviz CX2 Lite Firmware and Anviz CX7 Firmware. Users of these products should be aware that management interfaces are unsecured and may allow traffic interception.

Risk and Exploitability

The CVSS score of 6.5 reflects moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation data. The likely attack vector is an on‑path network sniffing scenario where an attacker can read traffic between an administrator and the device. Once credentials are captured, an attacker can maintain persistent control over the device.

Generated by OpenCVE AI on April 18, 2026 at 09:06 UTC.

Remediation

Vendor Workaround

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.

OpenCVE Recommended Actions

  • Contact Anviz to request a secure management interface or a patch that enforces HTTPS.
  • If the device supports it, reconfigure the administration port to use HTTPS or upgrade to a firmware version that provides secure transport.
  • Restrict network access to the device’s HTTP management port using firewalls or VLANs so that only trusted administrators can reach it.
  • Monitor network traffic for unauthorized HTTP sessions to the device as an additional detection measure.

Generated by OpenCVE AI on April 18, 2026 at 09:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Anviz cx2 Lite
Anviz cx2 Lite Firmware
Anviz cx7
Anviz cx7 Firmware
CPEs cpe:2.3:h:anviz:cx2_lite:-:*:*:*:*:*:*:*
cpe:2.3:h:anviz:cx7:-:*:*:*:*:*:*:*
cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*
Vendors & Products Anviz cx2 Lite
Anviz cx2 Lite Firmware
Anviz cx7
Anviz cx7 Firmware

Fri, 17 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Anviz
Anviz anviz Cx2 Lite Firmware
Anviz anviz Cx7 Firmware
Vendors & Products Anviz
Anviz anviz Cx2 Lite Firmware
Anviz anviz Cx7 Firmware

Fri, 17 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Description Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.
Title Anviz Products Cleartext Transmission of Sensitive Information
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Anviz Anviz Cx2 Lite Firmware Anviz Cx7 Firmware Cx2 Lite Cx2 Lite Firmware Cx7 Cx7 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-17T20:32:48.104Z

Reserved: 2026-04-14T15:42:14.069Z

Link: CVE-2026-33569

cve-icon Vulnrichment

Updated: 2026-04-17T20:32:40.934Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-17T20:16:34.847

Modified: 2026-05-04T14:31:32.547

Link: CVE-2026-33569

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses