CRITICAL🇵🇱 Wersja polska

CVE-2026-35546

CVSS 9.8v3.1pub. 2026-04-17upd. 2026-05-04

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

🤖 AI Analysis
How it works

The attacker sends a crafted firmware archive directly to the device, which does not verify the identity of the sender (lack of authentication mechanism — CWE-306). The malicious archive is accepted and processed by the device. As a result, the attacker can place and execute their own code on the device and then obtain a reverse shell providing persistent access.

Impact

The attacker gains full control over the device, including the ability to execute arbitrary code and obtain remote access (reverse shell), which threatens the confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to the references — details in the CISA ICS-CERT advisory ICSA-26-106-03 and on the manufacturer's website. Until patches are implemented, it is recommended to isolate devices from public networks and restrict network access only to trusted hosts.

Who is affected

Anviz CX2 Lite, Anviz CX2 Lite Firmware, Anviz CX7, Anviz CX7 Firmware — specific versions indicated in manufacturer references (ICS-CERT advisory ICSA-26-106-03)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Anviz Cx2 Lite

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx2 Lite Firmware

    OS
    Anviz
    wszystkie wersje
  • Anviz Cx7

    HW
    Anviz
    wszystkie wersje
  • Anviz Cx7 Firmware

    OS
    Anviz
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-32324HIGH7.7ten sam produkt

Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling ...

CVE-2026-35682HIGH8.8ten sam produkt

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbi...

CVE-2026-40066HIGH8.8ten sam produkt

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks ...

CVE-2026-40461HIGH7.5ten sam produkt

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enab...

CVE-2026-35061MEDIUM5.3ten sam produkt

Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authe...