MEDIUM🇬🇧 English

CVE-2026-33569

CVSS 6.5v3.1pub. 2026-04-17upd. 2026-05-04

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Anviz Cx2 Lite

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx2 Lite Firmware

    OS
    Anviz
    wszystkie wersje
  • Anviz Cx7

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx7 Firmware

    OS
    Anviz
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-35546CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowane przesyłanie firmware w urządzeniach Anviz CX2 Lite i CX7

CVE-2026-35682HIGH8.8ten sam produkt

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbi...

CVE-2026-40066HIGH8.8ten sam produkt

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks ...

CVE-2026-40461HIGH7.5ten sam produkt

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enab...

CVE-2026-32324HIGH7.7ten sam produkt

Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling ...