EUVD-2026-23494

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

EUVD-2026-23498

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

EUVD-2026-23484

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

EUVD-2026-23521

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

EUVD-2026-23492

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell...

EUVD-2026-23478

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

CVE-2026-35546

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell...

CVE-2026-40066

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

CVE-2026-32648

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

CVE-2026-35682

The CVE-2026-35682 vulnerability affects Anviz CX2 Lite. An authenticated attacker can inject commands via a filename parameter, enabling arbitrary command execution and root-level access (example: starting telnetd). The available connected sources confirm the affected product and the root-level ...

CVE-2026-35682 Anviz CX2 Lite Command Injection

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

CVE-2026-35682 Anviz CX2 Lite Command Injection

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

CVE-2026-40066

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

CVE-2026-40066

CVE-2026-40066 affects Anviz CX2 Lite and CX7 due to unverified update packages that can be uploaded. The device may unpack and execute a script, resulting in unauthenticated remote code execution. Root cause appears to be lack of integrity verification for update packages before execution. Impac...

CVE-2026-40066 Anviz Products Download of Code Without Integrity Check

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

CVE-2026-40066 Anviz Products Download of Code Without Integrity Check

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...