Description
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
Published: 2026-04-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Contact Vendor
AI Analysis

Impact

Unauthenticated firmware uploads on Anviz CX2 Lite and CX7 devices allow attackers to send crafted archives that the device accepts and executes as firmware. This flaw, identified as CWE‑306, can lead to arbitrary code execution and the establishment of a reverse shell, enabling full compromise of the system.

Affected Systems

The affected products are Anviz CX2 Lite Firmware and Anviz CX7 Firmware. Specific version details are not provided in the advisory, so all firmware revisions of these devices may be vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. With no EPSS score available and the vulnerability not listed in KEV, exploitation likelihood is uncertain, but the lack of authentication combined with the ability to plant malicious code makes the attack vector highly dangerous. The probable attack path involves an attacker sending a malicious firmware package over the local network or to an exposed update interface, which is then processed without authentication, leading to system compromise.

Generated by OpenCVE AI on April 18, 2026 at 09:05 UTC.

Remediation

Vendor Workaround

Anviz did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Anviz for more information at https://www.anviz.com/contact-us.html.

OpenCVE Recommended Actions

  • Contact Anviz to obtain a firmware patch or formal fix.
  • Restrict or disable the firmware upload interface so only trusted networks can access it.
  • Segment the device from untrusted networks and monitor for unexpected firmware update activity.

Generated by OpenCVE AI on April 18, 2026 at 09:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Description Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
Title Anviz Products Missing Authentication for Critical Function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-17T20:05:28.411Z

Reserved: 2026-04-14T15:47:54.234Z

Link: CVE-2026-35546

cve-icon Vulnrichment

Updated: 2026-04-17T20:05:18.682Z

cve-icon NVD

Status : Received

Published: 2026-04-17T20:16:35.380

Modified: 2026-04-17T20:16:35.380

Link: CVE-2026-35546

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses