Anviz Cx2 Lite Firmware CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-33569	1 Anviz	2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware	2026-04-18	6.5 Medium
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.
CVE-2026-40461	1 Anviz	2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware	2026-04-17	7.5 High
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.
CVE-2026-40066	1 Anviz	2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware	2026-04-17	8.8 High
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

Page 1 of 1.