Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
The attacker sends a crafted firmware archive directly to the device, which does not verify the identity of the sender (lack of authentication mechanism — CWE-306). The malicious archive is accepted and processed by the device. As a result, the attacker can place and execute their own code on the device and then obtain a reverse shell providing persistent access.
The attacker gains full control over the device, including the ability to execute arbitrary code and obtain remote access (reverse shell), which threatens the confidentiality, integrity, and availability of the system.
Apply patches available from the manufacturer according to the references — details in the CISA ICS-CERT advisory ICSA-26-106-03 and on the manufacturer's website. Until patches are implemented, it is recommended to isolate devices from public networks and restrict network access only to trusted hosts.
Anviz CX2 Lite, Anviz CX2 Lite Firmware, Anviz CX7, Anviz CX7 Firmware — specific versions indicated in manufacturer references (ICS-CERT advisory ICSA-26-106-03)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAnviz Cx2 Lite
HWAnvizwszystkie wersjeAnviz Cx2 Lite Firmware
OSAnvizwszystkie wersjeAnviz Cx7
HWAnvizwszystkie wersjeAnviz Cx7 Firmware
OSAnvizwszystkie wersje
Related vulnerabilities
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling ...
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbi...
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks ...
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enab...
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authe...